From fc7680ddf415eab81fd3f674c5ad75a5a15cf2b0 Mon Sep 17 00:00:00 2001 From: Alexander Bokovoy Date: Wed, 27 Jan 2021 10:33:19 +0200 Subject: [PATCH] Force-update translation po/ipa.pot Signed-off-by: Alexander Bokovoy --- po/ipa.pot | 16121 +++++++++++++++++++++++++-------------------------- 1 file changed, 8023 insertions(+), 8098 deletions(-) diff --git a/po/ipa.pot b/po/ipa.pot index ffea08ab4..59d47b3ec 100644 --- a/po/ipa.pot +++ b/po/ipa.pot @@ -6,9 +6,9 @@ #, fuzzy msgid "" msgstr "" -"Project-Id-Version: freeipa 4.9.0rc3.dev202012231412+gita3058d528\n" +"Project-Id-Version: freeipa 4.10.0.dev202101270756+gitfdd5ba3f4\n" "Report-Msgid-Bugs-To: https://pagure.io/freeipa/new_issue\n" -"POT-Creation-Date: 2020-12-23 16:29+0200\n" +"POT-Creation-Date: 2021-01-27 10:31+0200\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME \n" "Language-Team: LANGUAGE \n" @@ -357,119 +357,6 @@ msgstr "" msgid "read error\n" msgstr "" -#: client/ipa-rmkeytab.c:43 -#, c-format -msgid "Unable to parse principal name\n" -msgstr "" - -#: client/ipa-rmkeytab.c:45 -#, c-format -msgid "krb5_parse_name %1$d: %2$s\n" -msgstr "" - -#: client/ipa-rmkeytab.c:55 -#, c-format -msgid "Removing principal %s\n" -msgstr "" - -#: client/ipa-rmkeytab.c:68 -#, c-format -msgid "Failed to open keytab\n" -msgstr "" - -#: client/ipa-rmkeytab.c:72 -#, c-format -msgid "principal not found\n" -msgstr "" - -#: client/ipa-rmkeytab.c:74 -#, c-format -msgid "krb5_kt_get_entry %1$d: %2$s\n" -msgstr "" - -#: client/ipa-rmkeytab.c:82 -#, c-format -msgid "Unable to remove entry\n" -msgstr "" - -#: client/ipa-rmkeytab.c:84 -#, c-format -msgid "kvno %d\n" -msgstr "" - -#: client/ipa-rmkeytab.c:85 -#, c-format -msgid "krb5_kt_remove_entry %1$d: %2$s\n" -msgstr "" - -#: client/ipa-rmkeytab.c:119 -#, c-format -msgid "Unable to parse principal\n" -msgstr "" - -#: client/ipa-rmkeytab.c:121 -#, c-format -msgid "krb5_unparse_name %1$d: %2$s\n" -msgstr "" - -#: client/ipa-rmkeytab.c:143 -#, c-format -msgid "realm not found\n" -msgstr "" - -#: client/ipa-rmkeytab.c:169 -msgid "Print debugging information" -msgstr "" - -#: client/ipa-rmkeytab.c:169 -msgid "Debugging output" -msgstr "" - -#: client/ipa-rmkeytab.c:171 -msgid "" -"The principal to remove from the keytab (ex: ftp/ftp.example.com@EXAMPLE.COM)" -msgstr "" - -#: client/ipa-rmkeytab.c:172 client/ipa-getkeytab.c:769 -msgid "Kerberos Service Principal Name" -msgstr "" - -#: client/ipa-rmkeytab.c:174 -msgid "The keytab file to remove the principcal(s) from" -msgstr "" - -#: client/ipa-rmkeytab.c:174 client/ipa-getkeytab.c:773 -msgid "Keytab File Name" -msgstr "" - -#: client/ipa-rmkeytab.c:176 -msgid "Remove all principals in this realm" -msgstr "" - -#: client/ipa-rmkeytab.c:176 ipaclient/remote_plugins/2_114/trust.py:111 -msgid "Realm name" -msgstr "" - -#: client/ipa-rmkeytab.c:190 client/ipa-getkeytab.c:822 -#, c-format -msgid "Kerberos context initialization failed\n" -msgstr "" - -#: client/ipa-rmkeytab.c:230 client/ipa-rmkeytab.c:237 -#, c-format -msgid "Failed to open keytab '%1$s': %2$s\n" -msgstr "" - -#: client/ipa-rmkeytab.c:253 -#, c-format -msgid "Closing keytab failed\n" -msgstr "" - -#: client/ipa-rmkeytab.c:255 -#, c-format -msgid "krb5_kt_close %1$d: %2$s\n" -msgstr "" - #: client/ipa-getkeytab.c:84 #, c-format msgid "Kerberos context initialization failed: %1$s (%2$d)\n" @@ -626,12 +513,20 @@ msgstr "" msgid "The principal to get a keytab for (ex: ftp/ftp.example.com@EXAMPLE.COM)" msgstr "" +#: client/ipa-getkeytab.c:769 client/ipa-rmkeytab.c:198 +msgid "Kerberos Service Principal Name" +msgstr "" + #: client/ipa-getkeytab.c:771 msgid "" "The keytab file to append the new key to (will be created if it does not " "exist)." msgstr "" +#: client/ipa-getkeytab.c:773 client/ipa-rmkeytab.c:200 +msgid "Keytab File Name" +msgstr "" + #: client/ipa-getkeytab.c:775 msgid "Encryption types to request" msgstr "" @@ -700,6 +595,11 @@ msgstr "" msgid "Retrieve current keys without changing them" msgstr "" +#: client/ipa-getkeytab.c:822 client/ipa-rmkeytab.c:216 +#, c-format +msgid "Kerberos context initialization failed\n" +msgstr "" + #: client/ipa-getkeytab.c:835 util/ipa_krb5.c:892 #, c-format msgid "No system preferred enctypes ?!\n" @@ -819,6 +719,181 @@ msgstr "" msgid "Keytab successfully retrieved and stored in: %s\n" msgstr "" +#: client/ipa-rmkeytab.c:51 +#, c-format +msgid "Unable to parse principal name\n" +msgstr "" + +#: client/ipa-rmkeytab.c:53 +#, c-format +msgid "krb5_parse_name %1$d: %2$s\n" +msgstr "" + +#: client/ipa-rmkeytab.c:63 +#, c-format +msgid "Removing principal %s\n" +msgstr "" + +#: client/ipa-rmkeytab.c:76 +#, c-format +msgid "Failed to open keytab\n" +msgstr "" + +#: client/ipa-rmkeytab.c:80 +#, c-format +msgid "principal not found\n" +msgstr "" + +#: client/ipa-rmkeytab.c:82 +#, c-format +msgid "krb5_kt_get_entry %1$d: %2$s\n" +msgstr "" + +#: client/ipa-rmkeytab.c:90 +#, c-format +msgid "Unable to remove entry\n" +msgstr "" + +#: client/ipa-rmkeytab.c:92 +#, c-format +msgid "kvno %d\n" +msgstr "" + +#: client/ipa-rmkeytab.c:93 +#, c-format +msgid "krb5_kt_remove_entry %1$d: %2$s\n" +msgstr "" + +#: client/ipa-rmkeytab.c:124 client/ipa-rmkeytab.c:146 +#: client/ipa-rmkeytab.c:160 client/ipa-rmkeytab.c:263 +#, c-format +msgid "Failed to set cursor '%1$s'\n" +msgstr "" + +#: client/ipa-rmkeytab.c:133 +#, c-format +msgid "Unable to parse principal\n" +msgstr "" + +#: client/ipa-rmkeytab.c:135 +#, c-format +msgid "krb5_unparse_name %1$d: %2$s\n" +msgstr "" + +#: client/ipa-rmkeytab.c:169 +#, c-format +msgid "realm not found\n" +msgstr "" + +#: client/ipa-rmkeytab.c:195 +msgid "Print debugging information" +msgstr "" + +#: client/ipa-rmkeytab.c:195 +msgid "Debugging output" +msgstr "" + +#: client/ipa-rmkeytab.c:197 +msgid "" +"The principal to remove from the keytab (ex: ftp/ftp.example.com@EXAMPLE.COM)" +msgstr "" + +#: client/ipa-rmkeytab.c:200 +msgid "The keytab file to remove the principcal(s) from" +msgstr "" + +#: client/ipa-rmkeytab.c:202 +msgid "Remove all principals in this realm" +msgstr "" + +#: client/ipa-rmkeytab.c:202 ipaclient/remote_plugins/2_114/trust.py:111 +msgid "Realm name" +msgstr "" + +#: client/ipa-rmkeytab.c:256 +#, c-format +msgid "Failed to open keytab '%1$s': %2$s\n" +msgstr "" + +#: client/ipa-rmkeytab.c:279 +#, c-format +msgid "Closing keytab failed\n" +msgstr "" + +#: client/ipa-rmkeytab.c:281 +#, c-format +msgid "krb5_kt_close %1$d: %2$s\n" +msgstr "" + +#: ipaclient/frontend.py:28 ipaclient/frontend.py:90 +#: ipaserver/plugins/baseldap.py:53 +msgid "Failed members" +msgstr "" + +#: ipaclient/frontend.py:32 ipaserver/plugins/baseldap.py:174 +msgid "Failed source hosts/hostgroups" +msgstr "" + +#: ipaclient/frontend.py:36 ipaserver/plugins/baseldap.py:177 +msgid "Failed hosts/hostgroups" +msgstr "" + +#: ipaclient/frontend.py:40 ipaserver/plugins/baseldap.py:180 +msgid "Failed users/groups" +msgstr "" + +#: ipaclient/frontend.py:44 ipaserver/plugins/baseldap.py:183 +msgid "Failed service/service groups" +msgstr "" + +#: ipaclient/frontend.py:48 ipaserver/plugins/baseldap.py:186 +msgid "Failed to remove" +msgstr "" + +#: ipaclient/frontend.py:53 ipaserver/plugins/baseldap.py:190 +msgid "Failed RunAs" +msgstr "" + +#: ipaclient/frontend.py:57 ipaserver/plugins/baseldap.py:193 +msgid "Failed RunAsGroup" +msgstr "" + +#: ipaclient/frontend.py:62 ipaserver/plugins/caacl.py:473 +msgid "Failed profiles" +msgstr "" + +#: ipaclient/frontend.py:66 ipaserver/plugins/caacl.py:476 +msgid "Failed CAs" +msgstr "" + +#: ipaclient/frontend.py:71 ipaserver/plugins/hostgroup.py:95 +#: ipaserver/plugins/group.py:183 +msgid "Failed member manager" +msgstr "" + +#: ipaclient/frontend.py:76 ipaserver/plugins/host.py:209 +msgid "Failed managedby" +msgstr "" + +#: ipaclient/frontend.py:81 ipaserver/plugins/host.py:236 +#: ipaserver/plugins/service.py:158 +msgid "Failed allowed to retrieve keytab" +msgstr "" + +#: ipaclient/frontend.py:85 ipaserver/plugins/host.py:239 +#: ipaserver/plugins/service.py:161 +msgid "Failed allowed to create keytab" +msgstr "" + +#: ipaclient/frontend.py:94 +msgid "Failed targets" +msgstr "" + +#: ipaclient/frontend.py:99 ipaclient/remote_plugins/2_156/vault.py:223 +#: ipaserver/plugins/vault.py:637 +msgid "Failed owners" +msgstr "" + #: ipaclient/plugins/automember.py:33 ipaserver/plugins/automember.py:342 msgid "Failed to add" msgstr "" @@ -904,62 +979,6 @@ msgstr "" msgid "Skipped %(key)s" msgstr "" -#: ipaclient/plugins/cert.py:44 ipaclient/plugins/ca.py:19 -msgid "Write certificate (chain if --chain used) to file" -msgstr "" - -#: ipaclient/plugins/cert.py:79 -msgid "Path to NSS database" -msgstr "" - -#: ipaclient/plugins/cert.py:80 -msgid "Path to NSS database to use for private key" -msgstr "" - -#: ipaclient/plugins/cert.py:84 -msgid "Path to private key file" -msgstr "" - -#: ipaclient/plugins/cert.py:85 -msgid "Path to PEM file containing a private key" -msgstr "" - -#: ipaclient/plugins/cert.py:90 -msgid "File containing a password for the private key or database" -msgstr "" - -#: ipaclient/plugins/cert.py:94 -msgid "Name of CSR generation profile (if not the same as profile_id)" -msgstr "" - -#: ipaclient/plugins/cert.py:147 -msgid "Generated CSR was empty" -msgstr "" - -#: ipaclient/plugins/cert.py:152 -msgid "Options 'database' and 'private_key' are not compatible with 'csr'" -msgstr "" - -#: ipaclient/plugins/cert.py:187 -msgid "Unrevoked" -msgstr "" - -#: ipaclient/plugins/cert.py:190 ipaserver/plugins/internal.py:293 -msgid "Error" -msgstr "" - -#: ipaclient/plugins/cert.py:200 -msgid "Input filename" -msgstr "" - -#: ipaclient/plugins/cert.py:201 -msgid "File to load the certificate from." -msgstr "" - -#: ipaclient/plugins/cert.py:210 ipaclient/plugins/certmap.py:41 -msgid "cannot specify both raw certificate and file" -msgstr "" - #: ipaclient/plugins/certmap.py:19 msgid "Input file" msgstr "" @@ -968,62 +987,15 @@ msgstr "" msgid "File to load the certificate from" msgstr "" +#: ipaclient/plugins/certmap.py:41 ipaclient/plugins/cert.py:130 +msgid "cannot specify both raw certificate and file" +msgstr "" + #: ipaclient/plugins/certprofile.py:25 #, python-format msgid "Profile configuration stored in file '%(file)s'" msgstr "" -#: ipaclient/plugins/csrgen.py:25 -msgid "" -"\n" -"Commands to build certificate requests automatically\n" -msgstr "" - -#: ipaclient/plugins/csrgen.py:32 -msgid "Gather data for a certificate signing request." -msgstr "" - -#: ipaclient/plugins/csrgen.py:39 ipaclient/remote_plugins/2_114/service.py:89 -msgid "Principal" -msgstr "" - -#: ipaclient/plugins/csrgen.py:40 ipaclient/remote_plugins/2_156/cert.py:281 -msgid "Principal for this certificate (e.g. HTTP/test.example.com)" -msgstr "" - -#: ipaclient/plugins/csrgen.py:45 -#: ipaserver/plugins/certprofile.py:122 -msgid "Profile ID" -msgstr "" - -#: ipaclient/plugins/csrgen.py:46 -msgid "CSR Generation Profile to use" -msgstr "" - -#: ipaclient/plugins/csrgen.py:50 -msgid "Subject Public Key Info" -msgstr "" - -#: ipaclient/plugins/csrgen.py:51 -msgid "DER-encoded SubjectPublicKeyInfo structure" -msgstr "" - -#: ipaclient/plugins/csrgen.py:55 -msgid "Write CertificationRequestInfo to file" -msgstr "" - -#: ipaclient/plugins/csrgen.py:63 ipaclient/remote_plugins/2_114/misc.py:57 -msgid "Dictionary mapping variable name to value" -msgstr "" - -#: ipaclient/plugins/csrgen.py:70 -msgid "CertificationRequestInfo structure" -msgstr "" - -#: ipaclient/plugins/csrgen.py:109 ipaserver/plugins/cert.py:1034 -msgid "The principal for this request doesn't exist." -msgstr "" - #: ipaclient/plugins/host.py:41 ipaclient/plugins/service.py:43 #: ipaclient/plugins/user.py:74 #, python-format @@ -1072,14 +1044,14 @@ msgid "" "reading/writing YubiKey tokens directly.\n" msgstr "" -#: ipaclient/plugins/otptoken_yubikey.py:47 ipaserver/plugins/certmap.py:60 -#: ipaserver/plugins/dnsserver.py:39 ipaserver/plugins/ca.py:35 -#: ipaserver/plugins/radiusproxy.py:43 ipaserver/plugins/automember.py:63 -#: ipaserver/plugins/cert.py:99 ipaserver/plugins/serverrole.py:19 -#: ipaserver/plugins/location.py:37 ipaserver/plugins/vault.py:90 -#: ipaserver/plugins/schema.py:34 ipaserver/plugins/server.py:40 -#: ipaserver/plugins/otptoken.py:49 ipaserver/plugins/permission.py:97 -#: ipaserver/plugins/sudorule.py:70 ipaserver/plugins/host.py:104 +#: ipaclient/plugins/otptoken_yubikey.py:47 ipaserver/plugins/sudorule.py:71 +#: ipaserver/plugins/otptoken.py:49 ipaserver/plugins/dnsserver.py:39 +#: ipaserver/plugins/host.py:104 ipaserver/plugins/vault.py:90 +#: ipaserver/plugins/radiusproxy.py:43 ipaserver/plugins/cert.py:99 +#: ipaserver/plugins/permission.py:97 ipaserver/plugins/location.py:37 +#: ipaserver/plugins/schema.py:34 ipaserver/plugins/serverrole.py:19 +#: ipaserver/plugins/certmap.py:60 ipaserver/plugins/automember.py:63 +#: ipaserver/plugins/ca.py:35 ipaserver/plugins/server.py:40 msgid "" "\n" "EXAMPLES:\n" @@ -1173,6 +1145,10 @@ msgstr "" msgid "preserve and no-preserve cannot be both set" msgstr "" +#: ipaclient/plugins/ca.py:19 ipaclient/plugins/cert.py:39 +msgid "Write certificate (chain if --chain used) to file" +msgstr "" + #: ipaclient/plugins/dns.py:137 ipaserver/plugins/dns.py:3548 msgid "Split DNS record to parts" msgstr "" @@ -1277,8 +1253,8 @@ msgid "User ID" msgstr "" #: ipaclient/plugins/otptoken.py:143 ipaclient/remote_plugins/2_114/host.py:187 -#: ipaserver/plugins/internal.py:408 ipaserver/plugins/internal.py:1694 -#: ipaserver/plugins/migration.py:534 ipaserver/plugins/baseldap.py:49 +#: ipaserver/plugins/internal.py:190 ipaserver/plugins/internal.py:408 +#: ipaserver/plugins/internal.py:1694 ipaserver/plugins/migration.py:534 #: ipaserver/plugins/baseuser.py:277 msgid "Password" msgstr "" @@ -1456,6 +1432,22 @@ msgstr "" msgid "Missing vault private key" msgstr "" +#: ipaclient/plugins/cert.py:107 +msgid "Unrevoked" +msgstr "" + +#: ipaclient/plugins/cert.py:110 ipaserver/plugins/internal.py:293 +msgid "Error" +msgstr "" + +#: ipaclient/plugins/cert.py:120 +msgid "Input filename" +msgstr "" + +#: ipaclient/plugins/cert.py:121 +msgid "File to load the certificate from." +msgstr "" + msgid "" "\n" "Directory Server Access Control Instructions (ACIs)\n" @@ -1595,9 +1587,9 @@ msgstr "" msgid "User group ACI grants access to" msgstr "" -#: ipaserver/plugins/selfservice.py:84 ipaserver/plugins/aci.py:463 -#: ipaserver/plugins/baseldap.py:73 ipaserver/plugins/delegation.py:81 -#: ipaserver/plugins/permission.py:230 +#: ipaserver/plugins/aci.py:463 ipaserver/plugins/permission.py:230 +#: ipaserver/plugins/selfservice.py:84 ipaserver/plugins/baseldap.py:74 +#: ipaserver/plugins/delegation.py:81 msgid "Permissions" msgstr "" @@ -1607,14 +1599,14 @@ msgstr "" msgid "Attributes to which the permission applies" msgstr "" -#: ipaserver/plugins/selfservice.py:89 ipaserver/plugins/aci.py:472 +#: ipaserver/plugins/aci.py:472 ipaserver/plugins/selfservice.py:89 #: ipaserver/plugins/delegation.py:86 msgid "Attributes" msgstr "" -#: ipaserver/plugins/vault.py:600 ipaserver/plugins/aci.py:477 -#: ipaserver/plugins/schema.py:447 ipaserver/plugins/otptoken.py:165 -#: ipaserver/plugins/permission.py:346 +#: ipaserver/plugins/otptoken.py:165 ipaserver/plugins/vault.py:600 +#: ipaserver/plugins/aci.py:477 ipaserver/plugins/permission.py:346 +#: ipaserver/plugins/schema.py:447 msgid "Type" msgstr "" @@ -1628,7 +1620,7 @@ msgid "Member of a group" msgstr "" #: ipaserver/plugins/internal.py:216 ipaserver/plugins/internal.py:1214 -#: ipaserver/plugins/internal.py:1723 ipaserver/plugins/aci.py:490 +#: ipaserver/plugins/internal.py:1723 msgid "Filter" msgstr "" @@ -1714,7 +1706,7 @@ msgstr "" msgid "A string searched in all relevant object attributes" msgstr "" -#: ipaserver/plugins/baseldap.py:1873 ipaserver/plugins/schema.py:127 +#: ipaserver/plugins/schema.py:127 ipaserver/plugins/baseldap.py:1948 msgid "Primary key only" msgstr "" @@ -1869,7 +1861,7 @@ msgstr "" msgid "description" msgstr "" -#: ipaserver/plugins/server.py:132 ipaserver/plugins/host.py:472 +#: ipaserver/plugins/host.py:478 ipaserver/plugins/server.py:132 msgid "Location" msgstr "" @@ -1885,18 +1877,18 @@ msgstr "" msgid "Automount map name." msgstr "" -#: ipaserver/plugins/automount.py:364 ipaserver/plugins/caacl.py:175 -#: ipaserver/plugins/certmap.py:279 ipaserver/plugins/hbacsvc.py:108 -#: ipaserver/plugins/hbacsvcgroup.py:120 ipaserver/plugins/ca.py:89 -#: ipaserver/plugins/netgroup.py:210 ipaserver/plugins/radiusproxy.py:117 -#: ipaserver/plugins/automember.py:257 ipaserver/plugins/group.py:342 -#: ipaserver/plugins/hbacrule.py:253 ipaserver/plugins/sudocmd.py:122 -#: ipaserver/plugins/sudocmdgroup.py:130 ipaserver/plugins/idviews.py:142 -#: ipaserver/plugins/idviews.py:740 ipaserver/plugins/location.py:111 -#: ipaserver/plugins/selinuxusermap.py:265 ipaserver/plugins/vault.py:594 -#: ipaserver/plugins/hostgroup.py:193 ipaserver/plugins/privilege.py:159 -#: ipaserver/plugins/role.py:153 ipaserver/plugins/otptoken.py:174 -#: ipaserver/plugins/sudorule.py:232 ipaserver/plugins/host.py:462 +#: ipaserver/plugins/automount.py:364 ipaserver/plugins/sudorule.py:238 +#: ipaserver/plugins/caacl.py:175 ipaserver/plugins/otptoken.py:174 +#: ipaserver/plugins/hbacsvc.py:108 ipaserver/plugins/hbacsvcgroup.py:120 +#: ipaserver/plugins/host.py:468 ipaserver/plugins/hostgroup.py:193 +#: ipaserver/plugins/vault.py:594 ipaserver/plugins/netgroup.py:210 +#: ipaserver/plugins/radiusproxy.py:117 ipaserver/plugins/group.py:342 +#: ipaserver/plugins/sudocmd.py:122 ipaserver/plugins/sudocmdgroup.py:130 +#: ipaserver/plugins/location.py:111 ipaserver/plugins/selinuxusermap.py:265 +#: ipaserver/plugins/idviews.py:142 ipaserver/plugins/idviews.py:775 +#: ipaserver/plugins/certmap.py:279 ipaserver/plugins/automember.py:257 +#: ipaserver/plugins/ca.py:89 ipaserver/plugins/role.py:153 +#: ipaserver/plugins/privilege.py:159 ipaserver/plugins/hbacrule.py:253 msgid "Description" msgstr "" @@ -1904,13 +1896,13 @@ msgstr "" msgid "Create a new automount key." msgstr "" -#: ipaserver/plugins/baseldap.py:894 +#: ipaserver/plugins/baseldap.py:969 msgid "" "Set an attribute to a name/value pair. Format is attr=value.\n" "For multi-valued attributes, the command replaces the values already present." msgstr "" -#: ipaserver/plugins/baseldap.py:900 +#: ipaserver/plugins/baseldap.py:975 msgid "" "Add an attribute/value pair. Format is attr=value. The attribute\n" "must be part of the schema." @@ -1920,7 +1912,7 @@ msgstr "" msgid "Delete an automount key." msgstr "" -#: ipaserver/plugins/baseldap.py:1294 +#: ipaserver/plugins/baseldap.py:1369 msgid "Continuous mode: Don't stop on errors." msgstr "" @@ -1933,16 +1925,15 @@ msgid "Search for an automount key." msgstr "" #: ipaserver/plugins/cert.py:1568 ipaserver/plugins/serverrole.py:123 -#: ipaserver/plugins/baseldap.py:1892 +#: ipaserver/plugins/baseldap.py:1967 msgid "Time Limit" msgstr "" msgid "Time limit of search in seconds" msgstr "" -#: ipaserver/plugins/hbactest.py:304 ipaserver/plugins/pkinit.py:79 #: ipaserver/plugins/cert.py:1573 ipaserver/plugins/serverrole.py:131 -#: ipaserver/plugins/baseldap.py:1899 +#: ipaserver/plugins/baseldap.py:1974 ipaserver/plugins/hbactest.py:304 msgid "Size Limit" msgstr "" @@ -1953,17 +1944,17 @@ msgstr "" msgid "Modify an automount key." msgstr "" -#: ipaserver/plugins/baseldap.py:906 +#: ipaserver/plugins/baseldap.py:981 msgid "" "Delete an attribute/value pair. The option will be evaluated\n" "last, after all sets and adds." msgstr "" -#: ipaserver/plugins/baseldap.py:1315 ipaserver/plugins/baseldap.py:1390 +#: ipaserver/plugins/baseldap.py:1390 ipaserver/plugins/baseldap.py:1465 msgid "Rights" msgstr "" -#: ipaserver/plugins/baseldap.py:1316 ipaserver/plugins/baseldap.py:1391 +#: ipaserver/plugins/baseldap.py:1391 ipaserver/plugins/baseldap.py:1466 msgid "" "Display the access rights of this entry (requires --all). See ipa man page " "for details." @@ -1973,7 +1964,7 @@ msgstr "" msgid "New mount information" msgstr "" -#: ipaserver/plugins/baseldap.py:1400 +#: ipaserver/plugins/baseldap.py:1475 msgid "Rename" msgstr "" @@ -2652,7 +2643,7 @@ msgstr "" msgid "A IP Address" msgstr "" -#: ipaserver/plugins/dns.py:976 ipaserver/plugins/host.py:669 +#: ipaserver/plugins/dns.py:953 ipaserver/plugins/dns.py:976 msgid "IP Address" msgstr "" @@ -2731,8 +2722,8 @@ msgstr "" msgid "CERT Algorithm" msgstr "" -#: ipaserver/plugins/dns.py:1056 ipaserver/plugins/dns.py:1405 -#: ipaserver/plugins/otptoken.py:229 +#: ipaserver/plugins/dns.py:1013 ipaserver/plugins/dns.py:1056 +#: ipaserver/plugins/dns.py:1405 msgid "Algorithm" msgstr "" @@ -2793,7 +2784,7 @@ msgstr "" msgid "DNAME Target" msgstr "" -#: ipaserver/plugins/dns.py:1372 ipaserver/plugins/internal.py:1217 +#: ipaserver/plugins/dns.py:1041 ipaserver/plugins/dns.py:1372 msgid "Target" msgstr "" @@ -2979,9 +2970,9 @@ msgstr "" msgid "NAPTR Service" msgstr "" -#: ipaserver/plugins/hbactest.py:285 ipaserver/plugins/dns.py:1317 #: ipaserver/plugins/internal.py:1331 ipaserver/plugins/internal.py:1656 -#: ipaserver/plugins/service.py:467 +#: ipaserver/plugins/dns.py:1317 ipaserver/plugins/service.py:467 +#: ipaserver/plugins/hbactest.py:285 msgid "Service" msgstr "" @@ -3301,9 +3292,9 @@ msgstr "" msgid "Add new DNS resource record." msgstr "" -#: ipaserver/plugins/dns.py:3569 ipaserver/plugins/realmdomains.py:151 -#: ipaserver/plugins/service.py:628 ipaserver/plugins/permission.py:1061 -#: ipaserver/plugins/host.py:661 +#: ipaserver/plugins/realmdomains.py:151 ipaserver/plugins/permission.py:1061 +#: ipaserver/plugins/dns.py:2881 ipaserver/plugins/dns.py:3569 +#: ipaserver/plugins/service.py:628 msgid "Force" msgstr "" @@ -3428,8 +3419,8 @@ msgid "" " ipa hbacrule-del allow_server\n" msgstr "" +#: ipaserver/plugins/sudorule.py:233 ipaserver/plugins/selinuxusermap.py:239 #: ipaserver/plugins/certmap.py:273 ipaserver/plugins/hbacrule.py:207 -#: ipaserver/plugins/selinuxusermap.py:239 ipaserver/plugins/sudorule.py:227 msgid "Rule name" msgstr "" @@ -3441,24 +3432,25 @@ msgstr "" msgid "Rule type (allow)" msgstr "" -#: ipaserver/plugins/netgroup.py:227 ipaserver/plugins/hbacrule.py:223 -#: ipaserver/plugins/selinuxusermap.py:253 ipaserver/plugins/sudorule.py:240 +#: ipaserver/plugins/sudorule.py:246 ipaserver/plugins/caacl.py:195 +#: ipaserver/plugins/netgroup.py:227 ipaserver/plugins/selinuxusermap.py:253 +#: ipaserver/plugins/hbacrule.py:223 msgid "User category" msgstr "" -#: ipaserver/plugins/netgroup.py:228 ipaserver/plugins/hbacrule.py:224 -#: ipaserver/plugins/selinuxusermap.py:254 ipaserver/plugins/sudorule.py:241 +#: ipaserver/plugins/sudorule.py:247 ipaserver/plugins/netgroup.py:228 +#: ipaserver/plugins/selinuxusermap.py:254 ipaserver/plugins/hbacrule.py:224 msgid "User category the rule applies to" msgstr "" -#: ipaserver/plugins/caacl.py:201 ipaserver/plugins/netgroup.py:233 -#: ipaserver/plugins/hbacrule.py:229 ipaserver/plugins/selinuxusermap.py:259 -#: ipaserver/plugins/sudorule.py:246 +#: ipaserver/plugins/sudorule.py:252 ipaserver/plugins/caacl.py:201 +#: ipaserver/plugins/netgroup.py:233 ipaserver/plugins/selinuxusermap.py:259 +#: ipaserver/plugins/hbacrule.py:229 msgid "Host category" msgstr "" -#: ipaserver/plugins/netgroup.py:234 ipaserver/plugins/hbacrule.py:230 -#: ipaserver/plugins/selinuxusermap.py:260 ipaserver/plugins/sudorule.py:247 +#: ipaserver/plugins/sudorule.py:253 ipaserver/plugins/netgroup.py:234 +#: ipaserver/plugins/selinuxusermap.py:260 ipaserver/plugins/hbacrule.py:230 msgid "Host category the rule applies to" msgstr "" @@ -3470,34 +3462,37 @@ msgstr "" msgid "Service category the rule applies to" msgstr "" -#: ipaserver/plugins/certmap.py:310 ipaserver/plugins/hbacrule.py:256 -#: ipaserver/plugins/internal.py:1915 ipaserver/plugins/selinuxusermap.py:268 -#: ipaserver/plugins/sudorule.py:235 +#: ipaserver/plugins/sudorule.py:241 ipaserver/plugins/caacl.py:178 +#: ipaserver/plugins/selinuxusermap.py:268 ipaserver/plugins/certmap.py:310 +#: ipaserver/plugins/internal.py:1915 ipaserver/plugins/hbacrule.py:256 msgid "Enabled" msgstr "" -#: ipaserver/plugins/automember.py:697 ipaserver/plugins/hbacrule.py:260 -#: ipaserver/plugins/user.py:160 ipaserver/plugins/internal.py:1189 -#: ipaserver/plugins/selinuxusermap.py:272 ipaserver/plugins/baseuser.py:196 -#: ipaserver/plugins/sudorule.py:276 +#: ipaserver/plugins/sudorule.py:282 ipaserver/plugins/caacl.py:220 +#: ipaserver/plugins/selinuxusermap.py:272 ipaserver/plugins/automember.py:697 +#: ipaserver/plugins/internal.py:1189 ipaserver/plugins/hbacrule.py:260 +#: ipaserver/plugins/baseuser.py:196 ipaserver/plugins/user.py:160 msgid "Users" msgstr "" -#: ipaserver/plugins/group.py:327 ipaserver/plugins/hbacrule.py:264 +#: ipaserver/plugins/sudorule.py:286 ipaserver/plugins/caacl.py:224 +#: ipaserver/plugins/group.py:327 ipaserver/plugins/selinuxusermap.py:276 #: ipaserver/plugins/internal.py:878 ipaserver/plugins/internal.py:1188 -#: ipaserver/plugins/selinuxusermap.py:276 ipaserver/plugins/sudorule.py:280 +#: ipaserver/plugins/hbacrule.py:264 msgid "User Groups" msgstr "" -#: ipaserver/plugins/automember.py:702 ipaserver/plugins/hbacrule.py:268 -#: ipaserver/plugins/internal.py:1163 ipaserver/plugins/selinuxusermap.py:280 -#: ipaserver/plugins/sudorule.py:289 ipaserver/plugins/host.py:450 +#: ipaserver/plugins/sudorule.py:295 ipaserver/plugins/caacl.py:228 +#: ipaserver/plugins/host.py:456 ipaserver/plugins/selinuxusermap.py:280 +#: ipaserver/plugins/automember.py:702 ipaserver/plugins/internal.py:1163 +#: ipaserver/plugins/hbacrule.py:268 msgid "Hosts" msgstr "" -#: ipaserver/plugins/hbacrule.py:272 ipaserver/plugins/internal.py:1072 -#: ipaserver/plugins/internal.py:1162 ipaserver/plugins/selinuxusermap.py:284 -#: ipaserver/plugins/hostgroup.py:178 ipaserver/plugins/sudorule.py:293 +#: ipaserver/plugins/sudorule.py:299 ipaserver/plugins/caacl.py:232 +#: ipaserver/plugins/hostgroup.py:178 ipaserver/plugins/selinuxusermap.py:284 +#: ipaserver/plugins/internal.py:1072 ipaserver/plugins/internal.py:1162 +#: ipaserver/plugins/hbacrule.py:272 msgid "Host Groups" msgstr "" @@ -3508,7 +3503,7 @@ msgstr "" msgid "Service Groups" msgstr "" -#: ipaserver/plugins/baseldap.py:330 +#: ipaserver/plugins/baseldap.py:331 msgid "External host" msgstr "" @@ -3516,7 +3511,7 @@ msgstr "" msgid "Create a new HBAC rule." msgstr "" -#: ipaserver/plugins/baseldap.py:1140 +#: ipaserver/plugins/cert.py:1344 ipaserver/plugins/baseldap.py:1215 msgid "Suppress processing of membership attributes." msgstr "" @@ -3536,13 +3531,13 @@ msgstr "" msgid "host groups to add" msgstr "" -#: ipaserver/plugins/baseldap.py:1683 ipaserver/plugins/baseldap.py:2170 -#: ipaserver/plugins/privilege.py:226 ipaserver/plugins/privilege.py:257 +#: ipaserver/plugins/baseldap.py:1758 ipaserver/plugins/baseldap.py:2245 #: ipaserver/plugins/role.py:231 ipaserver/plugins/role.py:255 +#: ipaserver/plugins/privilege.py:226 ipaserver/plugins/privilege.py:257 msgid "Members that could not be added" msgstr "" -#: ipaserver/plugins/baseldap.py:1687 ipaserver/plugins/baseldap.py:2174 +#: ipaserver/plugins/baseldap.py:1762 ipaserver/plugins/baseldap.py:2249 msgid "Number of members added" msgstr "" @@ -3608,11 +3603,11 @@ msgstr "" msgid "host groups to remove" msgstr "" -#: ipaserver/plugins/baseldap.py:1781 ipaserver/plugins/baseldap.py:2269 +#: ipaserver/plugins/baseldap.py:1856 ipaserver/plugins/baseldap.py:2344 msgid "Members that could not be removed" msgstr "" -#: ipaserver/plugins/baseldap.py:1785 ipaserver/plugins/baseldap.py:2273 +#: ipaserver/plugins/baseldap.py:1860 ipaserver/plugins/baseldap.py:2348 msgid "Number of members removed" msgstr "" @@ -3731,7 +3726,7 @@ msgstr "" msgid "HBAC service group description" msgstr "" -#: ipaserver/plugins/baseldap.py:106 +#: ipaserver/plugins/baseldap.py:107 msgid "Member HBAC service" msgstr "" @@ -3827,7 +3822,7 @@ msgid "" " ipa host-allow-create-keytab test2 --users=tuser1\n" msgstr "" -#: ipaserver/plugins/host.py:456 +#: ipaserver/plugins/service.py:697 msgid "Host name" msgstr "" @@ -3864,22 +3859,22 @@ msgstr "" msgid "Generate a random password to be used in bulk enrollment" msgstr "" -#: ipaserver/plugins/host.py:497 +#: ipaserver/plugins/baseuser.py:289 msgid "Random password" msgstr "" +#: ipaserver/plugins/cert.py:353 ipaserver/plugins/idviews.py:1055 #: ipaserver/plugins/certmap.py:605 ipaserver/plugins/ca.py:112 -#: ipaserver/plugins/cert.py:353 ipaserver/plugins/idviews.py:1020 #: ipaserver/plugins/internal.py:638 ipaserver/plugins/internal.py:722 -#: ipaserver/plugins/baseuser.py:398 ipaserver/plugins/baseuser.py:838 -#: ipaserver/plugins/service.py:492 ipaserver/plugins/host.py:502 +#: ipaserver/plugins/service.py:492 ipaserver/plugins/baseuser.py:398 +#: ipaserver/plugins/baseuser.py:838 msgid "Certificate" msgstr "" msgid "Base-64 encoded server certificate" msgstr "" -#: ipaserver/plugins/service.py:474 ipaserver/plugins/host.py:544 +#: ipaserver/plugins/service.py:474 ipaserver/plugins/baseuser.py:249 msgid "Principal name" msgstr "" @@ -3889,11 +3884,11 @@ msgstr "" msgid "Hardware MAC address(es) on this host" msgstr "" -#: ipaserver/plugins/baseuser.py:348 ipaserver/plugins/host.py:565 +#: ipaserver/plugins/idviews.py:1049 ipaserver/plugins/baseuser.py:348 msgid "SSH public key" msgstr "" -#: ipaserver/plugins/host.py:575 +#: ipaserver/plugins/baseuser.py:365 msgid "Class" msgstr "" @@ -3902,7 +3897,7 @@ msgid "" "interpretation)" msgstr "" -#: ipaserver/plugins/internal.py:1120 ipaserver/plugins/host.py:580 +#: ipaserver/plugins/internal.py:1120 msgid "Assigned ID View" msgstr "" @@ -3922,7 +3917,7 @@ msgstr "" msgid "Client credentials may be delegated to the service" msgstr "" -#: ipaserver/plugins/baseldap.py:70 +#: ipaserver/plugins/baseldap.py:71 msgid "Member of host-groups" msgstr "" @@ -3954,7 +3949,7 @@ msgstr "" msgid "Indirect Member of HBAC rule" msgstr "" -#: ipaserver/plugins/host.py:200 +#: ipaserver/plugins/service.py:128 msgid "Keytab" msgstr "" @@ -3964,35 +3959,35 @@ msgstr "" msgid "Managing" msgstr "" -#: ipaserver/plugins/service.py:134 ipaserver/plugins/host.py:212 +#: ipaserver/plugins/service.py:134 msgid "Users allowed to retrieve keytab" msgstr "" -#: ipaserver/plugins/service.py:137 ipaserver/plugins/host.py:215 +#: ipaserver/plugins/service.py:137 msgid "Groups allowed to retrieve keytab" msgstr "" -#: ipaserver/plugins/service.py:140 ipaserver/plugins/host.py:218 +#: ipaserver/plugins/service.py:140 msgid "Hosts allowed to retrieve keytab" msgstr "" -#: ipaserver/plugins/service.py:143 ipaserver/plugins/host.py:221 +#: ipaserver/plugins/service.py:143 msgid "Host Groups allowed to retrieve keytab" msgstr "" -#: ipaserver/plugins/service.py:146 ipaserver/plugins/host.py:224 +#: ipaserver/plugins/service.py:146 msgid "Users allowed to create keytab" msgstr "" -#: ipaserver/plugins/service.py:149 ipaserver/plugins/host.py:227 +#: ipaserver/plugins/service.py:149 msgid "Groups allowed to create keytab" msgstr "" -#: ipaserver/plugins/service.py:152 ipaserver/plugins/host.py:230 +#: ipaserver/plugins/service.py:152 msgid "Hosts allowed to create keytab" msgstr "" -#: ipaserver/plugins/service.py:155 ipaserver/plugins/host.py:233 +#: ipaserver/plugins/service.py:155 msgid "Host Groups allowed to create keytab" msgstr "" @@ -4090,7 +4085,8 @@ msgstr "" msgid "Search for hosts without these member of sudo rules." msgstr "" -#: ipaserver/plugins/cert.py:1026 ipaserver/plugins/sudorule.py:428 +#: ipaserver/plugins/sudorule.py:434 ipaserver/plugins/cert.py:1026 +#: ipaserver/plugins/user.py:162 msgid "user" msgstr "" @@ -4100,7 +4096,8 @@ msgstr "" msgid "Search for hosts without these enrolled by users." msgstr "" -#: ipaserver/plugins/sudorule.py:433 ipaserver/plugins/host.py:273 +#: ipaserver/plugins/sudorule.py:439 ipaserver/plugins/host.py:279 +#: ipaserver/plugins/cert.py:1028 msgid "host" msgstr "" @@ -4131,7 +4128,7 @@ msgstr "" msgid "Display information about a host." msgstr "" -#: ipaserver/plugins/service.py:958 ipaserver/plugins/host.py:1129 +#: ipaserver/plugins/service.py:958 ipaserver/plugins/user.py:899 msgid "file to store certificate in" msgstr "" @@ -4184,11 +4181,11 @@ msgstr "" msgid "Member host-groups" msgstr "" -#: ipaserver/plugins/baseldap.py:134 +#: ipaserver/plugins/baseldap.py:135 msgid "Indirect Member hosts" msgstr "" -#: ipaserver/plugins/baseldap.py:137 +#: ipaserver/plugins/baseldap.py:138 msgid "Indirect Member host-groups" msgstr "" @@ -4272,20 +4269,20 @@ msgid "" "other Identity Management solutions.\n" msgstr "" -#: ipaserver/plugins/idviews.py:736 +#: ipaserver/plugins/idviews.py:771 msgid "Anchor to override" msgstr "" -#: ipaserver/plugins/idviews.py:1087 +#: ipaserver/plugins/idviews.py:1122 msgid "Group name" msgstr "" -#: ipaserver/plugins/idviews.py:997 ipaserver/plugins/idviews.py:1092 +#: ipaserver/plugins/idviews.py:1032 ipaserver/plugins/idviews.py:1127 #: ipaserver/plugins/baseuser.py:299 msgid "GID" msgstr "" -#: ipaserver/plugins/idviews.py:1093 ipaserver/plugins/baseuser.py:300 +#: ipaserver/plugins/idviews.py:1128 ipaserver/plugins/baseuser.py:300 msgid "Group ID Number" msgstr "" @@ -4297,11 +4294,11 @@ msgstr "" msgid "UID" msgstr "" -#: ipaserver/plugins/idviews.py:990 +#: ipaserver/plugins/idviews.py:1025 msgid "User ID Number" msgstr "" -#: ipaserver/plugins/baseuser.py:238 +#: ipaserver/plugins/idviews.py:1029 ipaserver/plugins/baseuser.py:238 msgid "GECOS" msgstr "" @@ -4317,52 +4314,52 @@ msgstr "" msgid "ID View Name" msgstr "" -#: ipaserver/plugins/idviews.py:1248 +#: ipaserver/plugins/idviews.py:1283 msgid "Add a new Group ID override." msgstr "" -#: ipaserver/plugins/idviews.py:1254 +#: ipaserver/plugins/idviews.py:1289 msgid "Delete an Group ID override." msgstr "" -#: ipaserver/plugins/idviews.py:1266 +#: ipaserver/plugins/idviews.py:1301 msgid "Search for an Group ID override." msgstr "" msgid "Results should contain primary key attribute only (\"anchor\")" msgstr "" -#: ipaserver/plugins/idviews.py:1260 +#: ipaserver/plugins/idviews.py:1295 msgid "Modify an Group ID override." msgstr "" msgid "Rename the Group ID override object" msgstr "" -#: ipaserver/plugins/idviews.py:1282 +#: ipaserver/plugins/idviews.py:1317 msgid "Display information about an Group ID override." msgstr "" -#: ipaserver/plugins/idviews.py:1149 +#: ipaserver/plugins/idviews.py:1184 msgid "Add a new User ID override." msgstr "" -#: ipaserver/plugins/idviews.py:1174 +#: ipaserver/plugins/idviews.py:1209 msgid "Delete an User ID override." msgstr "" -#: ipaserver/plugins/idviews.py:1212 +#: ipaserver/plugins/idviews.py:1247 msgid "Search for an User ID override." msgstr "" -#: ipaserver/plugins/idviews.py:1180 +#: ipaserver/plugins/idviews.py:1215 msgid "Modify an User ID override." msgstr "" msgid "Rename the User ID override object" msgstr "" -#: ipaserver/plugins/idviews.py:1236 +#: ipaserver/plugins/idviews.py:1271 msgid "Display information about an User ID override." msgstr "" @@ -4375,8 +4372,8 @@ msgid "" "hostgroups. If any other ID View is applied to the host, it is overriden." msgstr "" +#: ipaserver/plugins/sudorule.py:439 ipaserver/plugins/host.py:280 #: ipaserver/plugins/idviews.py:453 ipaserver/plugins/idviews.py:496 -#: ipaserver/plugins/sudorule.py:433 ipaserver/plugins/host.py:274 msgid "hosts" msgstr "" @@ -4557,7 +4554,7 @@ msgid "" " ipa krbtpolicy-mod admin --maxlife=3600\n" msgstr "" -#: ipaserver/plugins/passwd.py:88 ipaserver/plugins/krbtpolicy.py:134 +#: ipaserver/plugins/krbtpolicy.py:134 ipaserver/plugins/hbactest.py:270 msgid "User name" msgstr "" @@ -4862,6 +4859,9 @@ msgid "" "retrieve and print all attributes from the server. Affects command output." msgstr "" +msgid "Dictionary mapping variable name to value" +msgstr "" + msgid "Total number of variables env (>= count)" msgstr "" @@ -4919,11 +4919,11 @@ msgstr "" msgid "IPA unique ID" msgstr "" -#: ipaserver/plugins/baseldap.py:91 +#: ipaserver/plugins/baseldap.py:92 msgid "Member netgroups" msgstr "" -#: ipaserver/plugins/baseldap.py:152 +#: ipaserver/plugins/baseldap.py:153 msgid "Indirect Member netgroups" msgstr "" @@ -5090,185 +5090,6 @@ msgstr "" msgid "Show the current OTP configuration." msgstr "" -msgid "" -"\n" -"OTP Tokens\n" -"\n" -"Manage OTP tokens.\n" -"\n" -"IPA supports the use of OTP tokens for multi-factor authentication. This\n" -"code enables the management of OTP tokens.\n" -"\n" -"EXAMPLES:\n" -"\n" -" Add a new token:\n" -" ipa otptoken-add --type=totp --owner=jdoe --desc=\"My soft token\"\n" -"\n" -" Examine the token:\n" -" ipa otptoken-show a93db710-a31a-4639-8647-f15b2c70b78a\n" -"\n" -" Change the vendor:\n" -" ipa otptoken-mod a93db710-a31a-4639-8647-f15b2c70b78a --vendor=\"Red Hat" -"\"\n" -"\n" -" Delete a token:\n" -" ipa otptoken-del a93db710-a31a-4639-8647-f15b2c70b78a\n" -msgstr "" - -#: ipaserver/plugins/otptoken.py:160 -msgid "Unique ID" -msgstr "" - -#: ipaserver/plugins/otptoken.py:166 -msgid "Type of the token" -msgstr "" - -#: ipaserver/plugins/otptoken.py:175 -msgid "Token description (informational only)" -msgstr "" - -#: ipaserver/plugins/otptoken.py:179 -msgid "Owner" -msgstr "" - -#: ipaserver/plugins/otptoken.py:180 -msgid "Assigned user of the token (default: self)" -msgstr "" - -#: ipaserver/plugins/otptoken.py:183 -msgid "Manager" -msgstr "" - -#: ipaserver/plugins/otptoken.py:184 -msgid "Assigned manager of the token (default: self)" -msgstr "" - -#: ipaserver/plugins/internal.py:1913 ipaserver/plugins/otptoken.py:189 -msgid "Disabled" -msgstr "" - -#: ipaserver/plugins/otptoken.py:190 -msgid "Mark the token as disabled (default: false)" -msgstr "" - -#: ipaserver/plugins/otptoken.py:194 -msgid "Validity start" -msgstr "" - -#: ipaserver/plugins/otptoken.py:195 -msgid "First date/time the token can be used" -msgstr "" - -#: ipaserver/plugins/otptoken.py:199 -msgid "Validity end" -msgstr "" - -#: ipaserver/plugins/otptoken.py:200 -msgid "Last date/time the token can be used" -msgstr "" - -#: ipaserver/plugins/otptoken.py:204 -msgid "Vendor" -msgstr "" - -#: ipaserver/plugins/otptoken.py:205 -msgid "Token vendor name (informational only)" -msgstr "" - -#: ipaserver/plugins/otptoken.py:209 -msgid "Model" -msgstr "" - -#: ipaserver/plugins/otptoken.py:210 -msgid "Token model (informational only)" -msgstr "" - -#: ipaserver/plugins/otptoken.py:214 -msgid "Serial" -msgstr "" - -#: ipaserver/plugins/otptoken.py:215 -msgid "Token serial (informational only)" -msgstr "" - -#: ipaserver/plugins/otptoken.py:220 -msgid "Token secret (Base32; default: random)" -msgstr "" - -#: ipaserver/plugins/otptoken.py:230 -msgid "Token hash algorithm" -msgstr "" - -#: ipaserver/plugins/otptoken.py:238 -msgid "Digits" -msgstr "" - -#: ipaserver/plugins/otptoken.py:239 -msgid "Number of digits each token code will have" -msgstr "" - -#: ipaserver/plugins/otptoken.py:247 -msgid "Clock offset" -msgstr "" - -#: ipaserver/plugins/otptoken.py:248 -msgid "TOTP token / FreeIPA server time difference" -msgstr "" - -#: ipaserver/plugins/otptoken.py:255 -msgid "Clock interval" -msgstr "" - -#: ipaserver/plugins/otptoken.py:256 -msgid "Length of TOTP token code validity" -msgstr "" - -#: ipaserver/plugins/otptoken.py:264 -msgid "Counter" -msgstr "" - -#: ipaserver/plugins/otptoken.py:265 -msgid "Initial counter for the HOTP token" -msgstr "" - -#: ipaserver/plugins/otptoken.py:280 -msgid "Add a new OTP token." -msgstr "" - -#: ipaserver/plugins/otptoken.py:284 -msgid "(deprecated)" -msgstr "" - -#: ipaserver/plugins/otptoken.py:285 -msgid "Do not display QR code" -msgstr "" - -#: ipaserver/plugins/otptoken.py:463 -msgid "Add users that can manage this token." -msgstr "" - -#: ipaserver/plugins/otptoken.py:366 -msgid "Delete an OTP token." -msgstr "" - -#: ipaserver/plugins/otptoken.py:421 -msgid "Search for OTP token." -msgstr "" - -msgid "Results should contain primary key attribute only (\"id\")" -msgstr "" - -#: ipaserver/plugins/otptoken.py:372 -msgid "Modify a OTP token." -msgstr "" - -msgid "Rename the OTP token object" -msgstr "" - -#: ipaserver/plugins/otptoken.py:450 -msgid "Display information about an OTP token." -msgstr "" - msgid "" "\n" "YubiKey Tokens\n" @@ -5496,7 +5317,7 @@ msgstr "" msgid "Granted to Privilege" msgstr "" -#: ipaserver/plugins/baseldap.py:140 +#: ipaserver/plugins/baseldap.py:141 msgid "Indirect Member of roles" msgstr "" @@ -5504,7 +5325,7 @@ msgstr "" msgid "Add a new permission." msgstr "" -#: ipaserver/plugins/permission.py:1398 +#: ipaserver/plugins/permission.py:1405 msgid "Add members to a permission." msgstr "" @@ -5530,7 +5351,7 @@ msgstr "" msgid "force delete of SYSTEM permissions" msgstr "" -#: ipaserver/plugins/permission.py:1255 +#: ipaserver/plugins/permission.py:1262 msgid "Search for permissions." msgstr "" @@ -5541,14 +5362,14 @@ msgstr "" msgid "Rename the permission object" msgstr "" -#: ipaserver/plugins/permission.py:1410 +#: ipaserver/plugins/permission.py:1417 msgid "Remove members from a permission." msgstr "" msgid "privileges to remove" msgstr "" -#: ipaserver/plugins/permission.py:1388 +#: ipaserver/plugins/permission.py:1395 msgid "Display information about a permission." msgstr "" @@ -5639,7 +5460,7 @@ msgstr "" msgid "Privilege description" msgstr "" -#: ipaserver/plugins/baseldap.py:88 +#: ipaserver/plugins/baseldap.py:89 msgid "Granting privilege to roles" msgstr "" @@ -5856,8 +5677,8 @@ msgid "Display information about password policy." msgstr "" #: ipaserver/plugins/internal.py:1187 ipaserver/plugins/internal.py:1298 -#: ipaserver/plugins/internal.py:1667 ipaserver/plugins/baseuser.py:197 -#: ipaserver/plugins/pwpolicy.py:621 +#: ipaserver/plugins/internal.py:1667 ipaserver/plugins/pwpolicy.py:621 +#: ipaserver/plugins/baseuser.py:197 ipaserver/plugins/user.py:161 msgid "User" msgstr "" @@ -5986,8 +5807,9 @@ msgid "" " ipa realmdomains-mod --del-domain=olddomain.com\n" msgstr "" -#: ipaserver/plugins/certmap.py:566 ipaserver/plugins/internal.py:714 -#: ipaserver/plugins/internal.py:1519 ipaserver/plugins/realmdomains.py:115 +#: ipaserver/plugins/realmdomains.py:115 ipaserver/plugins/certmap.py:566 +#: ipaserver/plugins/internal.py:714 ipaserver/plugins/internal.py:1519 +#: ipaserver/plugins/trust.py:1245 msgid "Domain" msgstr "" @@ -6235,7 +6057,7 @@ msgstr "" msgid "SELinux User" msgstr "" -#: ipaserver/plugins/hbacrule.py:202 ipaserver/plugins/selinuxusermap.py:248 +#: ipaserver/plugins/selinuxusermap.py:248 ipaserver/plugins/hbacrule.py:202 msgid "HBAC Rule" msgstr "" @@ -6351,6 +6173,9 @@ msgid "" "httpd.keytab\n" msgstr "" +msgid "Principal" +msgstr "" + #: ipaserver/plugins/service.py:475 msgid "Service principal" msgstr "" @@ -7053,7 +6878,7 @@ msgid "A description of this command" msgstr "" #: ipaserver/plugins/sudocmdgroup.py:118 ipaserver/plugins/sudocmdgroup.py:138 -#: ipaserver/plugins/baseldap.py:82 +#: ipaserver/plugins/baseldap.py:83 msgid "Sudo Command Groups" msgstr "" @@ -7160,265 +6985,6 @@ msgstr "" msgid "Display Sudo Command Group." msgstr "" -msgid "" -"\n" -"Sudo Rules\n" -"\n" -"Sudo (su \"do\") allows a system administrator to delegate authority to\n" -"give certain users (or groups of users) the ability to run some (or all)\n" -"commands as root or another user while providing an audit trail of the\n" -"commands and their arguments.\n" -"\n" -"FreeIPA provides a means to configure the various aspects of Sudo:\n" -" Users: The user(s)/group(s) allowed to invoke Sudo.\n" -" Hosts: The host(s)/hostgroup(s) which the user is allowed to to invoke " -"Sudo.\n" -" Allow Command: The specific command(s) permitted to be run via Sudo.\n" -" Deny Command: The specific command(s) prohibited to be run via Sudo.\n" -" RunAsUser: The user(s) or group(s) of users whose rights Sudo will be " -"invoked with.\n" -" RunAsGroup: The group(s) whose gid rights Sudo will be invoked with.\n" -" Options: The various Sudoers Options that can modify Sudo's behavior.\n" -"\n" -"An order can be added to a sudorule to control the order in which they\n" -"are evaluated (if the client supports it). This order is an integer and\n" -"must be unique.\n" -"\n" -"FreeIPA provides a designated binddn to use with Sudo located at:\n" -"uid=sudo,cn=sysaccounts,cn=etc,dc=example,dc=com\n" -"\n" -"To enable the binddn run the following command to set the password:\n" -"LDAPTLS_CACERT=/etc/ipa/ca.crt /usr/bin/ldappasswd -S -W -h ipa.example.com -" -"ZZ -D \"cn=Directory Manager\" uid=sudo,cn=sysaccounts,cn=etc,dc=example," -"dc=com\n" -"\n" -"EXAMPLES:\n" -"\n" -" Create a new rule:\n" -" ipa sudorule-add readfiles\n" -"\n" -" Add sudo command object and add it as allowed command in the rule:\n" -" ipa sudocmd-add /usr/bin/less\n" -" ipa sudorule-add-allow-command readfiles --sudocmds /usr/bin/less\n" -"\n" -" Add a host to the rule:\n" -" ipa sudorule-add-host readfiles --hosts server.example.com\n" -"\n" -" Add a user to the rule:\n" -" ipa sudorule-add-user readfiles --users jsmith\n" -"\n" -" Add a special Sudo rule for default Sudo server configuration:\n" -" ipa sudorule-add defaults\n" -"\n" -" Set a default Sudo option:\n" -" ipa sudorule-add-option defaults --sudooption '!authenticate'\n" -msgstr "" - -#: ipaserver/plugins/sudorule.py:252 -msgid "Command category" -msgstr "" - -#: ipaserver/plugins/sudorule.py:253 -msgid "Command category the rule applies to" -msgstr "" - -#: ipaserver/plugins/sudorule.py:258 -msgid "RunAs User category" -msgstr "" - -#: ipaserver/plugins/sudorule.py:259 -msgid "RunAs User category the rule applies to" -msgstr "" - -#: ipaserver/plugins/sudorule.py:264 -msgid "RunAs Group category" -msgstr "" - -#: ipaserver/plugins/sudorule.py:265 -msgid "RunAs Group category the rule applies to" -msgstr "" - -#: ipaserver/plugins/sudorule.py:270 -msgid "Sudo order" -msgstr "" - -#: ipaserver/plugins/sudorule.py:271 -msgid "integer to order the Sudo rules" -msgstr "" - -#: ipaserver/plugins/sudorule.py:285 -msgid "External User" -msgstr "" - -#: ipaserver/plugins/sudorule.py:286 -msgid "External User the rule applies to (sudorule-find only)" -msgstr "" - -#: ipaserver/plugins/sudorule.py:298 -msgid "Host Masks" -msgstr "" - -#: ipaserver/plugins/sudorule.py:304 -msgid "Sudo Allow Commands" -msgstr "" - -#: ipaserver/plugins/sudorule.py:308 -msgid "Sudo Deny Commands" -msgstr "" - -#: ipaserver/plugins/sudorule.py:312 -msgid "Sudo Allow Command Groups" -msgstr "" - -#: ipaserver/plugins/sudorule.py:316 -msgid "Sudo Deny Command Groups" -msgstr "" - -#: ipaserver/plugins/sudorule.py:320 -msgid "RunAs Users" -msgstr "" - -#: ipaserver/plugins/sudorule.py:321 -msgid "Run as a user" -msgstr "" - -#: ipaserver/plugins/sudorule.py:325 -msgid "Groups of RunAs Users" -msgstr "" - -#: ipaserver/plugins/sudorule.py:326 -msgid "Run as any user within a specified group" -msgstr "" - -#: ipaserver/plugins/sudorule.py:331 -msgid "RunAs External User" -msgstr "" - -#: ipaserver/plugins/sudorule.py:332 -msgid "External User the commands can run as (sudorule-find only)" -msgstr "" - -#: ipaserver/plugins/sudorule.py:336 -msgid "External Groups of RunAs Users" -msgstr "" - -#: ipaserver/plugins/sudorule.py:337 -msgid "External Groups of users that the command can run as" -msgstr "" - -#: ipaserver/plugins/sudorule.py:341 -msgid "RunAs Groups" -msgstr "" - -#: ipaserver/plugins/sudorule.py:342 -msgid "Run with the gid of a specified POSIX group" -msgstr "" - -#: ipaserver/plugins/sudorule.py:347 -msgid "RunAs External Group" -msgstr "" - -#: ipaserver/plugins/sudorule.py:348 -msgid "External Group the commands can run as (sudorule-find only)" -msgstr "" - -#: ipaserver/plugins/sudorule.py:351 ipaserver/plugins/sudorule.py:920 -#: ipaserver/plugins/sudorule.py:968 -msgid "Sudo Option" -msgstr "" - -#: ipaserver/plugins/sudorule.py:379 -msgid "Create new Sudo Rule." -msgstr "" - -#: ipaserver/plugins/sudorule.py:527 ipaserver/plugins/sudorule.py:558 -msgid "Add commands and sudo command groups affected by Sudo Rule." -msgstr "" - -msgid "member sudo command group" -msgstr "" - -msgid "sudo command groups to add" -msgstr "" - -#: ipaserver/plugins/sudorule.py:628 -msgid "Add hosts and hostgroups affected by Sudo Rule." -msgstr "" - -#: ipaserver/plugins/sudorule.py:109 -msgid "host masks of allowed hosts" -msgstr "" - -#: ipaserver/plugins/sudorule.py:914 -msgid "Add an option to the Sudo Rule." -msgstr "" - -#: ipaserver/plugins/sudorule.py:847 -msgid "Add group for Sudo to execute as." -msgstr "" - -#: ipaserver/plugins/sudorule.py:732 -msgid "Add users and groups for Sudo to execute as." -msgstr "" - -#: ipaserver/plugins/sudorule.py:578 -msgid "Add users and groups affected by Sudo Rule." -msgstr "" - -#: ipaserver/plugins/sudorule.py:393 -msgid "Delete Sudo Rule." -msgstr "" - -#: ipaserver/plugins/sudorule.py:504 -msgid "Disable a Sudo Rule." -msgstr "" - -#: ipaserver/plugins/sudorule.py:481 -msgid "Enable a Sudo Rule." -msgstr "" - -#: ipaserver/plugins/sudorule.py:467 -msgid "Search for Sudo Rule." -msgstr "" - -msgid "Results should contain primary key attribute only (\"sudorule-name\")" -msgstr "" - -#: ipaserver/plugins/sudorule.py:400 -msgid "Modify Sudo Rule." -msgstr "" - -#: ipaserver/plugins/sudorule.py:550 ipaserver/plugins/sudorule.py:570 -msgid "Remove commands and sudo command groups affected by Sudo Rule." -msgstr "" - -msgid "sudo command groups to remove" -msgstr "" - -#: ipaserver/plugins/sudorule.py:686 -msgid "Remove hosts and hostgroups affected by Sudo Rule." -msgstr "" - -#: ipaserver/plugins/sudorule.py:962 -msgid "Remove an option from Sudo Rule." -msgstr "" - -#: ipaserver/plugins/sudorule.py:895 -msgid "Remove group for Sudo to execute as." -msgstr "" - -#: ipaserver/plugins/sudorule.py:809 -msgid "Remove users and groups for Sudo to execute as." -msgstr "" - -#: ipaserver/plugins/sudorule.py:610 -msgid "Remove users and groups affected by Sudo Rule." -msgstr "" - -#: ipaserver/plugins/sudorule.py:476 -msgid "Display Sudo Rule." -msgstr "" - msgid "" "\n" "Users\n" @@ -7470,7 +7036,7 @@ msgstr "" msgid "Last name" msgstr "" -#: ipaserver/plugins/schema.py:158 +#: ipaserver/plugins/baseuser.py:219 msgid "Full name" msgstr "" @@ -7529,6 +7095,10 @@ msgstr "" msgid "Job Title" msgstr "" +#: ipaserver/plugins/baseuser.py:341 +msgid "Manager" +msgstr "" + msgid "Car License" msgstr "" @@ -8633,11 +8203,13 @@ msgid "" "\"\n" msgstr "" -#: ipaserver/plugins/trust.py:1585 ipaserver/plugins/internal.py:1522 +#: ipaserver/plugins/internal.py:1522 ipaserver/plugins/trust.py:541 +#: ipaserver/plugins/trust.py:1585 msgid "Domain NetBIOS name" msgstr "" -#: ipaserver/plugins/trust.py:1588 ipaserver/plugins/internal.py:1523 +#: ipaserver/plugins/internal.py:1523 ipaserver/plugins/trust.py:545 +#: ipaserver/plugins/trust.py:1588 msgid "Domain Security Identifier" msgstr "" @@ -8659,7 +8231,7 @@ msgstr "" msgid "Fallback primary group" msgstr "" -#: ipaserver/plugins/certmap.py:298 +#: ipaserver/plugins/certmap.py:298 ipaserver/plugins/trust.py:1580 msgid "Domain name" msgstr "" @@ -8696,15 +8268,15 @@ msgstr "" msgid "Trust type (ad for Active Directory, default)" msgstr "" -#: ipaserver/plugins/trust.py:1795 +#: ipaserver/plugins/trust.py:1798 msgid "Active Directory domain administrator" msgstr "" -#: ipaserver/plugins/trust.py:1799 +#: ipaserver/plugins/trust.py:1802 msgid "Active Directory domain administrator's password" msgstr "" -#: ipaserver/plugins/trust.py:1804 +#: ipaserver/plugins/trust.py:1807 msgid "Domain controller for the Active Directory domain (optional)" msgstr "" @@ -8718,6 +8290,7 @@ msgid "Size of the ID range reserved for the trusted domain" msgstr "" #: ipaserver/plugins/idrange.py:244 ipaserver/plugins/internal.py:1245 +#: ipaserver/plugins/trust.py:710 msgid "Range type" msgstr "" @@ -9014,13 +8587,447 @@ msgstr "" msgid "Display information about a range." msgstr "" -#: ipaserver/plugins/cert.py:1569 ipaserver/plugins/serverrole.py:124 -#: ipaserver/plugins/baseldap.py:1893 +msgid "" +"\n" +"OTP Tokens\n" +"\n" +"Manage OTP tokens.\n" +"\n" +"IPA supports the use of OTP tokens for multi-factor authentication. This\n" +"code enables the management of OTP tokens.\n" +"\n" +"EXAMPLES:\n" +"\n" +" Add a new token:\n" +" ipa otptoken-add --type=totp --owner=jdoe --desc=\"My soft token\"\n" +"\n" +" Examine the token:\n" +" ipa otptoken-show a93db710-a31a-4639-8647-f15b2c70b78a\n" +"\n" +" Change the vendor:\n" +" ipa otptoken-mod a93db710-a31a-4639-8647-f15b2c70b78a --vendor=\"Red Hat" +"\"\n" +"\n" +" Delete a token:\n" +" ipa otptoken-del a93db710-a31a-4639-8647-f15b2c70b78a\n" +msgstr "" + +#: ipaserver/plugins/otptoken.py:160 +msgid "Unique ID" +msgstr "" + +#: ipaserver/plugins/otptoken.py:166 +msgid "Type of the token" +msgstr "" + +#: ipaserver/plugins/otptoken.py:175 +msgid "Token description (informational only)" +msgstr "" + +#: ipaserver/plugins/otptoken.py:179 +msgid "Owner" +msgstr "" + +#: ipaserver/plugins/otptoken.py:180 +msgid "Assigned user of the token (default: self)" +msgstr "" + +#: ipaserver/plugins/otptoken.py:184 +msgid "Assigned manager of the token (default: self)" +msgstr "" + +#: ipaserver/plugins/otptoken.py:189 ipaserver/plugins/internal.py:1913 +msgid "Disabled" +msgstr "" + +#: ipaserver/plugins/otptoken.py:190 +msgid "Mark the token as disabled (default: false)" +msgstr "" + +#: ipaserver/plugins/otptoken.py:194 +msgid "Validity start" +msgstr "" + +#: ipaserver/plugins/otptoken.py:195 +msgid "First date/time the token can be used" +msgstr "" + +#: ipaserver/plugins/otptoken.py:199 +msgid "Validity end" +msgstr "" + +#: ipaserver/plugins/otptoken.py:200 +msgid "Last date/time the token can be used" +msgstr "" + +#: ipaserver/plugins/otptoken.py:204 +msgid "Vendor" +msgstr "" + +#: ipaserver/plugins/otptoken.py:205 +msgid "Token vendor name (informational only)" +msgstr "" + +#: ipaserver/plugins/otptoken.py:209 +msgid "Model" +msgstr "" + +#: ipaserver/plugins/otptoken.py:210 +msgid "Token model (informational only)" +msgstr "" + +#: ipaserver/plugins/otptoken.py:214 +msgid "Serial" +msgstr "" + +#: ipaserver/plugins/otptoken.py:215 +msgid "Token serial (informational only)" +msgstr "" + +#: ipaserver/plugins/otptoken.py:220 +msgid "Token secret (Base32; default: random)" +msgstr "" + +#: ipaserver/plugins/otptoken.py:230 +msgid "Token hash algorithm" +msgstr "" + +#: ipaserver/plugins/otptoken.py:238 +msgid "Digits" +msgstr "" + +#: ipaserver/plugins/otptoken.py:239 +msgid "Number of digits each token code will have" +msgstr "" + +#: ipaserver/plugins/otptoken.py:247 +msgid "Clock offset" +msgstr "" + +#: ipaserver/plugins/otptoken.py:248 +msgid "TOTP token / IPA server time difference" +msgstr "" + +#: ipaserver/plugins/otptoken.py:255 +msgid "Clock interval" +msgstr "" + +#: ipaserver/plugins/otptoken.py:256 +msgid "Length of TOTP token code validity" +msgstr "" + +#: ipaserver/plugins/otptoken.py:264 +msgid "Counter" +msgstr "" + +#: ipaserver/plugins/otptoken.py:265 +msgid "Initial counter for the HOTP token" +msgstr "" + +#: ipaserver/plugins/otptoken.py:280 +msgid "Add a new OTP token." +msgstr "" + +#: ipaserver/plugins/otptoken.py:284 +msgid "(deprecated)" +msgstr "" + +#: ipaserver/plugins/otptoken.py:285 +msgid "Do not display QR code" +msgstr "" + +#: ipaserver/plugins/otptoken.py:463 +msgid "Add users that can manage this token." +msgstr "" + +#: ipaserver/plugins/otptoken.py:366 +msgid "Delete an OTP token." +msgstr "" + +#: ipaserver/plugins/otptoken.py:421 +msgid "Search for OTP token." +msgstr "" + +msgid "Results should contain primary key attribute only (\"id\")" +msgstr "" + +#: ipaserver/plugins/otptoken.py:372 +msgid "Modify a OTP token." +msgstr "" + +msgid "Rename the OTP token object" +msgstr "" + +#: ipaserver/plugins/otptoken.py:450 +msgid "Display information about an OTP token." +msgstr "" + +msgid "" +"\n" +"Sudo Rules\n" +"\n" +"Sudo (su \"do\") allows a system administrator to delegate authority to\n" +"give certain users (or groups of users) the ability to run some (or all)\n" +"commands as root or another user while providing an audit trail of the\n" +"commands and their arguments.\n" +"\n" +"IPA provides a means to configure the various aspects of Sudo:\n" +" Users: The user(s)/group(s) allowed to invoke Sudo.\n" +" Hosts: The host(s)/hostgroup(s) which the user is allowed to to invoke " +"Sudo.\n" +" Allow Command: The specific command(s) permitted to be run via Sudo.\n" +" Deny Command: The specific command(s) prohibited to be run via Sudo.\n" +" RunAsUser: The user(s) or group(s) of users whose rights Sudo will be " +"invoked with.\n" +" RunAsGroup: The group(s) whose gid rights Sudo will be invoked with.\n" +" Options: The various Sudoers Options that can modify Sudo's behavior.\n" +"\n" +"An order can be added to a sudorule to control the order in which they\n" +"are evaluated (if the client supports it). This order is an integer and\n" +"must be unique.\n" +"\n" +"IPA provides a designated binddn to use with Sudo located at:\n" +"uid=sudo,cn=sysaccounts,cn=etc,dc=example,dc=com\n" +"\n" +"To enable the binddn run the following command to set the password:\n" +"LDAPTLS_CACERT=/etc/ipa/ca.crt /usr/bin/ldappasswd -S -W -h ipa.example.com -" +"ZZ -D \"cn=Directory Manager\" uid=sudo,cn=sysaccounts,cn=etc,dc=example," +"dc=com\n" +"\n" +"EXAMPLES:\n" +"\n" +" Create a new rule:\n" +" ipa sudorule-add readfiles\n" +"\n" +" Add sudo command object and add it as allowed command in the rule:\n" +" ipa sudocmd-add /usr/bin/less\n" +" ipa sudorule-add-allow-command readfiles --sudocmds /usr/bin/less\n" +"\n" +" Add a host to the rule:\n" +" ipa sudorule-add-host readfiles --hosts server.example.com\n" +"\n" +" Add a user to the rule:\n" +" ipa sudorule-add-user readfiles --users jsmith\n" +"\n" +" Add a special Sudo rule for default Sudo server configuration:\n" +" ipa sudorule-add defaults\n" +"\n" +" Set a default Sudo option:\n" +" ipa sudorule-add-option defaults --sudooption '!authenticate'\n" +msgstr "" + +#: ipaserver/plugins/sudorule.py:258 +msgid "Command category" +msgstr "" + +#: ipaserver/plugins/sudorule.py:259 +msgid "Command category the rule applies to" +msgstr "" + +#: ipaserver/plugins/sudorule.py:264 +msgid "RunAs User category" +msgstr "" + +#: ipaserver/plugins/sudorule.py:265 +msgid "RunAs User category the rule applies to" +msgstr "" + +#: ipaserver/plugins/sudorule.py:270 +msgid "RunAs Group category" +msgstr "" + +#: ipaserver/plugins/sudorule.py:271 +msgid "RunAs Group category the rule applies to" +msgstr "" + +#: ipaserver/plugins/sudorule.py:276 +msgid "Sudo order" +msgstr "" + +#: ipaserver/plugins/sudorule.py:277 +msgid "integer to order the Sudo rules" +msgstr "" + +#: ipaserver/plugins/sudorule.py:291 +msgid "External User" +msgstr "" + +#: ipaserver/plugins/sudorule.py:292 +msgid "External User the rule applies to (sudorule-find only)" +msgstr "" + +#: ipaserver/plugins/sudorule.py:304 +msgid "Host Masks" +msgstr "" + +#: ipaserver/plugins/sudorule.py:310 +msgid "Sudo Allow Commands" +msgstr "" + +#: ipaserver/plugins/sudorule.py:314 +msgid "Sudo Deny Commands" +msgstr "" + +#: ipaserver/plugins/sudorule.py:318 +msgid "Sudo Allow Command Groups" +msgstr "" + +#: ipaserver/plugins/sudorule.py:322 +msgid "Sudo Deny Command Groups" +msgstr "" + +#: ipaserver/plugins/sudorule.py:326 +msgid "RunAs Users" +msgstr "" + +#: ipaserver/plugins/sudorule.py:327 +msgid "Run as a user" +msgstr "" + +#: ipaserver/plugins/sudorule.py:331 +msgid "Groups of RunAs Users" +msgstr "" + +#: ipaserver/plugins/sudorule.py:332 +msgid "Run as any user within a specified group" +msgstr "" + +#: ipaserver/plugins/sudorule.py:337 +msgid "RunAs External User" +msgstr "" + +#: ipaserver/plugins/sudorule.py:338 +msgid "External User the commands can run as (sudorule-find only)" +msgstr "" + +#: ipaserver/plugins/sudorule.py:342 +msgid "External Groups of RunAs Users" +msgstr "" + +#: ipaserver/plugins/sudorule.py:343 +msgid "External Groups of users that the command can run as" +msgstr "" + +#: ipaserver/plugins/sudorule.py:347 +msgid "RunAs Groups" +msgstr "" + +#: ipaserver/plugins/sudorule.py:348 +msgid "Run with the gid of a specified POSIX group" +msgstr "" + +#: ipaserver/plugins/sudorule.py:353 +msgid "RunAs External Group" +msgstr "" + +#: ipaserver/plugins/sudorule.py:354 +msgid "External Group the commands can run as (sudorule-find only)" +msgstr "" + +#: ipaserver/plugins/sudorule.py:357 ipaserver/plugins/sudorule.py:995 +#: ipaserver/plugins/sudorule.py:1043 +msgid "Sudo Option" +msgstr "" + +#: ipaserver/plugins/sudorule.py:385 +msgid "Create new Sudo Rule." +msgstr "" + +#: ipaserver/plugins/sudorule.py:533 ipaserver/plugins/sudorule.py:564 +msgid "Add commands and sudo command groups affected by Sudo Rule." +msgstr "" + +msgid "member sudo command group" +msgstr "" + +msgid "sudo command groups to add" +msgstr "" + +#: ipaserver/plugins/sudorule.py:683 +msgid "Add hosts and hostgroups affected by Sudo Rule." +msgstr "" + +#: ipaserver/plugins/sudorule.py:115 +msgid "host masks of allowed hosts" +msgstr "" + +#: ipaserver/plugins/sudorule.py:989 +msgid "Add an option to the Sudo Rule." +msgstr "" + +#: ipaserver/plugins/sudorule.py:911 +msgid "Add group for Sudo to execute as." +msgstr "" + +#: ipaserver/plugins/sudorule.py:787 +msgid "Add users and groups for Sudo to execute as." +msgstr "" + +#: ipaserver/plugins/sudorule.py:584 +msgid "Add users and groups affected by Sudo Rule." +msgstr "" + +#: ipaserver/plugins/sudorule.py:399 +msgid "Delete Sudo Rule." +msgstr "" + +#: ipaserver/plugins/sudorule.py:510 +msgid "Disable a Sudo Rule." +msgstr "" + +#: ipaserver/plugins/sudorule.py:487 +msgid "Enable a Sudo Rule." +msgstr "" + +#: ipaserver/plugins/sudorule.py:473 +msgid "Search for Sudo Rule." +msgstr "" + +msgid "Results should contain primary key attribute only (\"sudorule-name\")" +msgstr "" + +#: ipaserver/plugins/sudorule.py:406 +msgid "Modify Sudo Rule." +msgstr "" + +#: ipaserver/plugins/sudorule.py:556 ipaserver/plugins/sudorule.py:576 +msgid "Remove commands and sudo command groups affected by Sudo Rule." +msgstr "" + +msgid "sudo command groups to remove" +msgstr "" + +#: ipaserver/plugins/sudorule.py:741 +msgid "Remove hosts and hostgroups affected by Sudo Rule." +msgstr "" + +#: ipaserver/plugins/sudorule.py:1037 +msgid "Remove an option from Sudo Rule." +msgstr "" + +#: ipaserver/plugins/sudorule.py:962 +msgid "Remove group for Sudo to execute as." +msgstr "" + +#: ipaserver/plugins/sudorule.py:866 +msgid "Remove users and groups for Sudo to execute as." +msgstr "" + +#: ipaserver/plugins/sudorule.py:639 +msgid "Remove users and groups affected by Sudo Rule." +msgstr "" + +#: ipaserver/plugins/sudorule.py:482 +msgid "Display Sudo Rule." +msgstr "" + +#: ipaserver/plugins/pkinit.py:72 ipaserver/plugins/cert.py:1569 +#: ipaserver/plugins/serverrole.py:124 ipaserver/plugins/baseldap.py:1968 msgid "Time limit of search in seconds (0 is unlimited)" msgstr "" -#: ipaserver/plugins/cert.py:1574 ipaserver/plugins/serverrole.py:132 -#: ipaserver/plugins/baseldap.py:1900 +#: ipaserver/plugins/pkinit.py:80 ipaserver/plugins/cert.py:1574 +#: ipaserver/plugins/serverrole.py:132 ipaserver/plugins/baseldap.py:1975 msgid "Maximum number of entries returned (0 is unlimited)" msgstr "" @@ -9135,114 +9142,6 @@ msgstr "" msgid "Display the properties of a CA ACL." msgstr "" -msgid "" -"\n" -"Manage Certificate Profiles\n" -"\n" -"Certificate Profiles are used by Certificate Authority (CA) in the signing " -"of\n" -"certificates to determine if a Certificate Signing Request (CSR) is " -"acceptable,\n" -"and if so what features and extensions will be present on the certificate.\n" -"\n" -"The Certificate Profile format is the property-list format understood by " -"the\n" -"Dogtag or Red Hat Certificate System CA.\n" -"\n" -"PROFILE ID SYNTAX:\n" -"\n" -"A Profile ID is a string without spaces or punctuation starting with a " -"letter\n" -"and followed by a sequence of letters, digits or underscore (\"_\").\n" -"\n" -"EXAMPLES:\n" -"\n" -" Import a profile that will not store issued certificates:\n" -" ipa certprofile-import ShortLivedUserCert --file UserCert.profile " -"--desc \"User Certificates\" --store=false\n" -"\n" -" Delete a certificate profile:\n" -" ipa certprofile-del ShortLivedUserCert\n" -"\n" -" Show information about a profile:\n" -" ipa certprofile-show ShortLivedUserCert\n" -"\n" -" Save profile configuration to a file:\n" -" ipa certprofile-show caIPAserviceCert --out caIPAserviceCert.cfg\n" -"\n" -" Search for profiles that do not store certificates:\n" -" ipa certprofile-find --store=false\n" -"\n" -"PROFILE CONFIGURATION FORMAT:\n" -"\n" -"The profile configuration format is the raw property-list format\n" -"used by Dogtag Certificate System. The XML format is not supported.\n" -"\n" -"The following restrictions apply to profiles managed by FreeIPA:\n" -"\n" -"- When importing a profile the \"profileId\" field, if present, must\n" -" match the ID given on the command line.\n" -"\n" -"- The \"classId\" field must be set to \"caEnrollImpl\"\n" -"\n" -"- The \"auth.instance_id\" field must be set to \"raCertAuth\"\n" -"\n" -"- The \"certReqInputImpl\" input class and \"certOutputImpl\" output\n" -" class must be used.\n" -msgstr "" - -#: ipaserver/plugins/certprofile.py:123 -msgid "Profile ID for referring to this profile" -msgstr "" - -#: ipaserver/plugins/certprofile.py:132 -msgid "Profile description" -msgstr "" - -#: ipaserver/plugins/certprofile.py:133 -msgid "Brief description of this profile" -msgstr "" - -#: ipaserver/plugins/certprofile.py:138 -msgid "Store issued certificates" -msgstr "" - -#: ipaserver/plugins/certprofile.py:139 -msgid "Whether to store certs issued using this profile" -msgstr "" - -#: ipaserver/plugins/certprofile.py:281 -msgid "Delete a Certificate Profile." -msgstr "" - -#: ipaserver/plugins/certprofile.py:188 -msgid "Search for Certificate Profiles." -msgstr "" - -#: ipaserver/plugins/certprofile.py:221 -msgid "Import a Certificate Profile." -msgstr "" - -#: ipaserver/plugins/certprofile.py:226 -msgid "Filename of a raw profile. The XML format is not supported." -msgstr "" - -#: ipaserver/plugins/certprofile.py:304 -msgid "Modify Certificate Profile configuration." -msgstr "" - -#: ipaserver/plugins/certprofile.py:310 -msgid "File containing profile configuration" -msgstr "" - -#: ipaserver/plugins/certprofile.py:200 -msgid "Display the properties of a Certificate Profile." -msgstr "" - -#: ipaserver/plugins/certprofile.py:204 -msgid "Write profile configuration to file" -msgstr "" - msgid "Maximum amount of time (seconds) for a search (-1 or 0 is unlimited)" msgstr "" @@ -9312,10 +9211,6 @@ msgid "" "to onelevel" msgstr "" -#: ipaserver/plugins/otptoken.py:469 -msgid "Remove users that can manage this token." -msgstr "" - #: ipaserver/plugins/permission.py:321 msgid "Target DN subtree" msgstr "" @@ -10009,10 +9904,6 @@ msgstr "" msgid "Owner services" msgstr "" -#: ipaserver/plugins/vault.py:327 ipaserver/plugins/vault.py:637 -msgid "Failed owners" -msgstr "" - #: ipaserver/plugins/vault.py:642 msgid "Vault service" msgstr "" @@ -10114,6 +10005,13 @@ msgstr "" msgid "Display information about a vault container." msgstr "" +msgid "Principal for this certificate (e.g. HTTP/test.example.com)" +msgstr "" + +#: ipaserver/plugins/cert.py:578 ipaserver/plugins/certprofile.py:122 +msgid "Profile ID" +msgstr "" + msgid "Certificate Profile to use" msgstr "" @@ -10337,6 +10235,118 @@ msgid "" " " msgstr "" +msgid "" +"\n" +"Manage Certificate Profiles\n" +"\n" +"Certificate Profiles are used by Certificate Authority (CA) in the signing " +"of\n" +"certificates to determine if a Certificate Signing Request (CSR) is " +"acceptable,\n" +"and if so what features and extensions will be present on the certificate.\n" +"\n" +"The Certificate Profile format is the property-list format understood by " +"the\n" +"Dogtag or Red Hat Certificate System CA.\n" +"\n" +"PROFILE ID SYNTAX:\n" +"\n" +"A Profile ID is a string without spaces or punctuation starting with a " +"letter\n" +"and followed by a sequence of letters, digits or underscore (\"_\").\n" +"\n" +"EXAMPLES:\n" +"\n" +" Import a profile that will not store issued certificates:\n" +" ipa certprofile-import ShortLivedUserCert --file UserCert.profile " +"--desc \"User Certificates\" --store=false\n" +"\n" +" Delete a certificate profile:\n" +" ipa certprofile-del ShortLivedUserCert\n" +"\n" +" Show information about a profile:\n" +" ipa certprofile-show ShortLivedUserCert\n" +"\n" +" Save profile configuration to a file:\n" +" ipa certprofile-show caIPAserviceCert --out caIPAserviceCert.cfg\n" +"\n" +" Search for profiles that do not store certificates:\n" +" ipa certprofile-find --store=false\n" +"\n" +"PROFILE CONFIGURATION FORMAT:\n" +"\n" +"The profile configuration format is the raw property-list format\n" +"used by Dogtag Certificate System. The XML format is not supported.\n" +"\n" +"The following restrictions apply to profiles managed by IPA:\n" +"\n" +"- When importing a profile the \"profileId\" field, if present, must\n" +" match the ID given on the command line.\n" +"\n" +"- The \"classId\" field must be set to \"caEnrollImpl\"\n" +"\n" +"- The \"auth.instance_id\" field must be set to \"raCertAuth\"\n" +"\n" +"- The \"certReqInputImpl\" input class and \"certOutputImpl\" output\n" +" class must be used.\n" +msgstr "" + +#: ipaserver/plugins/certprofile.py:123 +msgid "Profile ID for referring to this profile" +msgstr "" + +#: ipaserver/plugins/certprofile.py:132 +msgid "Profile description" +msgstr "" + +#: ipaserver/plugins/certprofile.py:133 +msgid "Brief description of this profile" +msgstr "" + +#: ipaserver/plugins/certprofile.py:138 +msgid "Store issued certificates" +msgstr "" + +#: ipaserver/plugins/certprofile.py:139 +msgid "Whether to store certs issued using this profile" +msgstr "" + +#: ipaserver/plugins/certprofile.py:281 +msgid "Delete a Certificate Profile." +msgstr "" + +#: ipaserver/plugins/certprofile.py:188 +msgid "Search for Certificate Profiles." +msgstr "" + +#: ipaserver/plugins/certprofile.py:221 +msgid "Import a Certificate Profile." +msgstr "" + +#: ipaserver/plugins/certprofile.py:226 +msgid "Filename of a raw profile. The XML format is not supported." +msgstr "" + +#: ipaserver/plugins/certprofile.py:304 +msgid "Modify Certificate Profile configuration." +msgstr "" + +#: ipaserver/plugins/certprofile.py:310 +msgid "File containing profile configuration" +msgstr "" + +#: ipaserver/plugins/certprofile.py:200 +msgid "Display the properties of a Certificate Profile." +msgstr "" + +#: ipaserver/plugins/certprofile.py:204 +msgid "Write profile configuration to file" +msgstr "" + +#: ipaserver/plugins/otptoken.py:469 +msgid "Remove users that can manage this token." +msgstr "" + msgid "Resolve a host name in DNS. (Deprecated)" msgstr "" @@ -10646,11 +10656,11 @@ msgstr "" msgid "Check connection to remote IPA server." msgstr "" -#: ipaserver/plugins/server.py:903 +#: ipaserver/plugins/trust.py:1848 msgid "Remote server name" msgstr "" -#: ipaserver/plugins/server.py:904 +#: ipaserver/plugins/trust.py:1849 msgid "Remote IPA server hostname" msgstr "" @@ -12335,47 +12345,6 @@ msgstr "" msgid "comma-separated list of sudo commands to remove" msgstr "" -msgid "" -"\n" -"Sudo Rules\n" -"\n" -"Sudo (su \"do\") allows a system administrator to delegate authority to\n" -"give certain users (or groups of users) the ability to run some (or all)\n" -"commands as root or another user while providing an audit trail of the\n" -"commands and their arguments.\n" -"\n" -"FreeIPA provides a means to configure the various aspects of Sudo:\n" -" Users: The user(s)/group(s) allowed to invoke Sudo.\n" -" Hosts: The host(s)/hostgroup(s) which the user is allowed to to invoke " -"Sudo.\n" -" Allow Command: The specific command(s) permitted to be run via Sudo.\n" -" Deny Command: The specific command(s) prohibited to be run via Sudo.\n" -" RunAsUser: The user(s) or group(s) of users whose rights Sudo will be " -"invoked with.\n" -" RunAsGroup: The group(s) whose gid rights Sudo will be invoked with.\n" -" Options: The various Sudoers Options that can modify Sudo's behavior.\n" -"\n" -"An order can be added to a sudorule to control the order in which they\n" -"are evaluated (if the client supports it). This order is an integer and\n" -"must be unique.\n" -"\n" -"FreeIPA provides a designated binddn to use with Sudo located at:\n" -"uid=sudo,cn=sysaccounts,cn=etc,dc=example,dc=com\n" -"\n" -"To enable the binddn run the following command to set the password:\n" -"LDAPTLS_CACERT=/etc/ipa/ca.crt /usr/bin/ldappasswd -S -W -h ipa.example.com -" -"ZZ -D \"cn=Directory Manager\" uid=sudo,cn=sysaccounts,cn=etc,dc=example," -"dc=com\n" -"\n" -"For more information, see the FreeIPA Documentation to Sudo.\n" -msgstr "" - -msgid "comma-separated list of sudo command groups to add" -msgstr "" - -msgid "comma-separated list of sudo command groups to remove" -msgstr "" - msgid "Active directory domain administrator's password" msgstr "" @@ -12568,99 +12537,231 @@ msgid "" " " msgstr "" -#: ipaclient/frontend.py:28 ipaclient/frontend.py:90 -#: ipaserver/plugins/baseldap.py:52 -msgid "Failed members" -msgstr "" - -#: ipaclient/frontend.py:32 ipaserver/plugins/baseldap.py:173 -msgid "Failed source hosts/hostgroups" -msgstr "" - -#: ipaclient/frontend.py:36 ipaserver/plugins/baseldap.py:176 -msgid "Failed hosts/hostgroups" -msgstr "" - -#: ipaclient/frontend.py:40 ipaserver/plugins/baseldap.py:179 -msgid "Failed users/groups" -msgstr "" - -#: ipaclient/frontend.py:44 ipaserver/plugins/baseldap.py:182 -msgid "Failed service/service groups" -msgstr "" - -#: ipaclient/frontend.py:48 ipaserver/plugins/baseldap.py:185 -msgid "Failed to remove" -msgstr "" - -#: ipaclient/frontend.py:53 ipaserver/plugins/baseldap.py:189 -msgid "Failed RunAs" -msgstr "" - -#: ipaclient/frontend.py:57 ipaserver/plugins/baseldap.py:192 -msgid "Failed RunAsGroup" -msgstr "" - -#: ipaclient/frontend.py:62 ipaserver/plugins/caacl.py:473 -msgid "Failed profiles" -msgstr "" - -#: ipaclient/frontend.py:66 ipaserver/plugins/caacl.py:476 -msgid "Failed CAs" -msgstr "" - -#: ipaclient/frontend.py:71 ipaserver/plugins/group.py:183 -#: ipaserver/plugins/hostgroup.py:95 -msgid "Failed member manager" -msgstr "" - -#: ipaclient/frontend.py:76 ipaserver/plugins/host.py:209 -msgid "Failed managedby" -msgstr "" - -#: ipaclient/frontend.py:81 ipaserver/plugins/service.py:158 -#: ipaserver/plugins/host.py:236 -msgid "Failed allowed to retrieve keytab" -msgstr "" - -#: ipaclient/frontend.py:85 ipaserver/plugins/service.py:161 -#: ipaserver/plugins/host.py:239 -msgid "Failed allowed to create keytab" -msgstr "" - -#: ipaclient/frontend.py:94 -msgid "Failed targets" -msgstr "" - -#: ipaclient/csrgen.py:40 msgid "" "\n" -"Routines for constructing certificate signing requests using IPA data and\n" -"stored templates.\n" +"Sudo Rules\n" +"\n" +"Sudo (su \"do\") allows a system administrator to delegate authority to\n" +"give certain users (or groups of users) the ability to run some (or all)\n" +"commands as root or another user while providing an audit trail of the\n" +"commands and their arguments.\n" +"\n" +"IPA provides a means to configure the various aspects of Sudo:\n" +" Users: The user(s)/group(s) allowed to invoke Sudo.\n" +" Hosts: The host(s)/hostgroup(s) which the user is allowed to to invoke " +"Sudo.\n" +" Allow Command: The specific command(s) permitted to be run via Sudo.\n" +" Deny Command: The specific command(s) prohibited to be run via Sudo.\n" +" RunAsUser: The user(s) or group(s) of users whose rights Sudo will be " +"invoked with.\n" +" RunAsGroup: The group(s) whose gid rights Sudo will be invoked with.\n" +" Options: The various Sudoers Options that can modify Sudo's behavior.\n" +"\n" +"An order can be added to a sudorule to control the order in which they\n" +"are evaluated (if the client supports it). This order is an integer and\n" +"must be unique.\n" +"\n" +"IPA provides a designated binddn to use with Sudo located at:\n" +"uid=sudo,cn=sysaccounts,cn=etc,dc=example,dc=com\n" +"\n" +"To enable the binddn run the following command to set the password:\n" +"LDAPTLS_CACERT=/etc/ipa/ca.crt /usr/bin/ldappasswd -S -W -h ipa.example.com -" +"ZZ -D \"cn=Directory Manager\" uid=sudo,cn=sysaccounts,cn=etc,dc=example," +"dc=com\n" +"\n" +"For more information, see the IPA Documentation to Sudo.\n" msgstr "" -#: ipaclient/csrgen.py:73 +msgid "comma-separated list of sudo command groups to add" +msgstr "" + +msgid "comma-separated list of sudo command groups to remove" +msgstr "" + +#: ipalib/messages.py:84 +msgid "Additional instructions:" +msgstr "" + +#: ipalib/messages.py:146 #, python-format -msgid "Required CSR generation rule %(name)s is missing data" +msgid "" +"API Version number was not sent, forward compatibility not guaranteed. " +"Assuming server's API version, %(server_version)s" msgstr "" -#: ipaclient/csrgen.py:165 ipaclient/csrgen.py:203 ipaclient/csrgen.py:387 -msgid "Template error when formatting certificate data" +#: ipalib/messages.py:158 +msgid "" +"DNS forwarder semantics changed since IPA 4.0.\n" +"You may want to use forward zones (dnsforwardzone-*) instead.\n" +"For more details read the docs." msgstr "" -#: ipaclient/csrgen.py:336 +#: ipalib/messages.py:170 #, python-format -msgid "No generation rule %(rulename)s found." +msgid "" +"DNSSEC support is experimental.\n" +"%(additional_info)s" msgstr "" -#: ipaclient/csrgen.py:343 +#: ipalib/messages.py:180 #, python-format -msgid "Generation rule \"%(rulename)s\" is missing the \"rule\" key" +msgid "'%(option)s' option is deprecated. %(additional_info)s" msgstr "" -#: ipaclient/csrgen.py:359 +#: ipalib/messages.py:190 #, python-format -msgid "No CSR generation rules are defined for profile %(profile_id)s" +msgid "" +"Semantic of %(label)s was changed. %(current_behavior)s\n" +"%(hint)s" +msgstr "" + +#: ipalib/messages.py:201 +#, python-format +msgid "DNS server %(server)s: %(error)s." +msgstr "" + +#: ipalib/messages.py:211 +#, python-format +msgid "" +"DNS server %(server)s does not support DNSSEC: %(error)s.\n" +"If DNSSEC validation is enabled on IPA server(s), please disable it." +msgstr "" + +#: ipalib/messages.py:224 +#, python-format +msgid "" +"forward zone \"%(fwzone)s\" is not effective because of missing proper NS " +"delegation in authoritative zone \"%(authzone)s\". Please add NS record " +"\"%(ns_rec)s\" to parent zone \"%(authzone)s\"." +msgstr "" + +#: ipalib/messages.py:238 +#, python-format +msgid "" +"DNS server %(server)s does not support EDNS0 (RFC 6891): %(error)s.\n" +"If DNSSEC validation is enabled on IPA server(s), please disable it." +msgstr "" + +#: ipalib/messages.py:251 +#, python-format +msgid "" +"DNSSEC validation failed: %(error)s.\n" +"Please verify your DNSSEC configuration or disable DNSSEC validation on all " +"IPA servers." +msgstr "" + +#: ipalib/messages.py:265 +#, python-format +msgid "" +"The _kerberos TXT record from domain %(domain)s could not be created " +"(%(error)s).\n" +"This can happen if the zone is not managed by IPA. Please create the record " +"manually, containing the following value: '%(realm)s'" +msgstr "" + +#: ipalib/messages.py:281 +#, python-format +msgid "" +"The _kerberos TXT record from domain %(domain)s could not be removed " +"(%(error)s).\n" +"This can happen if the zone is not managed by IPA. Please remove the record " +"manually." +msgstr "" + +#: ipalib/messages.py:295 +msgid "" +"No DNSSEC key master is installed. DNSSEC zone signing will not work until " +"the DNSSEC key master is installed." +msgstr "" + +#: ipalib/messages.py:310 +#, python-format +msgid "" +"Relative record name '%(record)s' contains the zone name '%(zone)s' as a " +"suffix, which results in FQDN '%(fqdn)s'. This is usually a mistake caused " +"by a missing dot at the end of the name specification." +msgstr "" + +#: ipalib/messages.py:323 +#, python-format +msgid "'%(command)s' is deprecated. %(additional_info)s" +msgstr "" + +#: ipalib/messages.py:333 +#, python-format +msgid "%(line)s" +msgstr "" + +#: ipalib/messages.py:343 +#, python-format +msgid "Search result has been truncated: %(reason)s" +msgstr "" + +#: ipalib/messages.py:353 +#, python-format +msgid "" +"Your trust to %(domain)s is broken. Please re-create it by running 'ipa " +"trust-add' again." +msgstr "" + +#: ipalib/messages.py:372 +#, python-format +msgid "DNS record(s) of host %(host)s could not be removed. (%(reason)s)" +msgstr "" + +#: ipalib/messages.py:386 +msgid "" +"Forwarding policy conflicts with some automatic empty zones. Queries for " +"zones specified by RFC 6303 will ignore forwarding and recursion and always " +"result in NXDOMAIN answers. To override this behavior use forward policy " +"'only'." +msgstr "" + +#: ipalib/messages.py:400 +#, python-format +msgid "Update of system record '%(record)s' failed with error: %(error)s" +msgstr "" + +#: ipalib/messages.py:411 +#, python-format +msgid "" +"IPA does not manage the zone %(zone)s, please add records to your DNS server " +"manually" +msgstr "" + +#: ipalib/messages.py:423 +msgid "" +"Automatic update of DNS system records failed. Please re-run update of " +"system records manually to get list of missing records." +msgstr "" + +#: ipalib/messages.py:436 +#, python-format +msgid "" +"Service %(service)s requires restart on IPA server %(server)s to apply " +"configuration changes." +msgstr "" + +#: ipalib/messages.py:448 +#, python-format +msgid "" +"No DNS servers in IPA location %(location)s. Without DNS servers location is " +"not working as expected." +msgstr "" + +#: ipalib/messages.py:475 +#, python-format +msgid "%(subject)s: Malformed certificate. %(reason)s" +msgstr "" + +#: ipalib/messages.py:486 +#, python-format +msgid "The host was added but the DNS update failed with: %(reason)s" +msgstr "" + +#: ipalib/messages.py:496 +#, python-format +msgid "The certificate for %(ca)s is not available on this server." msgstr "" #: ipalib/misc.py:22 @@ -12675,72 +12776,6 @@ msgid_plural "%(count)d plugins loaded" msgstr[0] "" msgstr[1] "" -#: ipalib/cli.py:630 -#, python-format -msgid "Enter %(label)s again to verify: " -msgstr "" - -#: ipalib/cli.py:639 -msgid "Passwords do not match!" -msgstr "" - -#: ipalib/cli.py:662 -msgid "No matching entries found" -msgstr "" - -#: ipalib/cli.py:737 -msgid "Topic or Command" -msgstr "" - -#: ipalib/cli.py:738 -msgid "The topic or command name." -msgstr "" - -#: ipalib/cli.py:910 -msgid "Topic commands:" -msgstr "" - -#: ipalib/cli.py:916 -msgid "To get command help, use:" -msgstr "" - -#: ipalib/cli.py:917 -msgid " ipa --help" -msgstr "" - -#: ipalib/cli.py:928 -msgid "Command name" -msgstr "" - -#: ipalib/cli.py:1151 -msgid "Positional arguments" -msgstr "" - -#: ipalib/cli.py:1297 -#, python-format -msgid "Same as --%s" -msgstr "" - -#: ipalib/cli.py:1300 -msgid "Deprecated options" -msgstr "" - -#: ipalib/cli.py:1431 -msgid "No file to read" -msgstr "" - -#: ipalib/output.py:110 -msgid "A dictionary representing an LDAP entry" -msgstr "" - -#: ipalib/output.py:118 -msgid "A list of LDAP entries" -msgstr "" - -#: ipalib/output.py:170 -msgid "All commands should at least have a result" -msgstr "" - #: ipalib/errors.py:296 #, python-format msgid "%(cver)s client incompatible with %(sver)s server at '%(server)s'" @@ -13194,6 +13229,90 @@ msgid "" "prevents a trust to '%(conflict)s'" msgstr "" +#: ipalib/rpc.py:1110 +msgid "any of the configured servers" +msgstr "" + +#: ipalib/rpc.py:1193 +msgid "Exceeded number of tries to forward a request." +msgstr "" + +#: ipalib/cli.py:630 +#, python-format +msgid "Enter %(label)s again to verify: " +msgstr "" + +#: ipalib/cli.py:639 +msgid "Passwords do not match!" +msgstr "" + +#: ipalib/cli.py:662 +msgid "No matching entries found" +msgstr "" + +#: ipalib/cli.py:737 +msgid "Topic or Command" +msgstr "" + +#: ipalib/cli.py:738 +msgid "The topic or command name." +msgstr "" + +#: ipalib/cli.py:910 +msgid "Topic commands:" +msgstr "" + +#: ipalib/cli.py:916 +msgid "To get command help, use:" +msgstr "" + +#: ipalib/cli.py:917 +msgid " ipa --help" +msgstr "" + +#: ipalib/cli.py:928 +msgid "Command name" +msgstr "" + +#: ipalib/cli.py:1151 +msgid "Positional arguments" +msgstr "" + +#: ipalib/cli.py:1297 +#, python-format +msgid "Same as --%s" +msgstr "" + +#: ipalib/cli.py:1300 +msgid "Deprecated options" +msgstr "" + +#: ipalib/cli.py:1431 +msgid "No file to read" +msgstr "" + +#: ipalib/plugable.py:540 +#, python-format +msgid "%(filename)s: file not found" +msgstr "" + +#: ipalib/plugable.py:613 +#, python-brace-format +msgid "Unable to parse option {item}" +msgstr "" + +#: ipalib/output.py:110 +msgid "A dictionary representing an LDAP entry" +msgstr "" + +#: ipalib/output.py:118 +msgid "A list of LDAP entries" +msgstr "" + +#: ipalib/output.py:170 +msgid "All commands should at least have a result" +msgstr "" + #: ipalib/frontend.py:425 msgid "Results are truncated, try a more specific search" msgstr "" @@ -13207,208 +13326,171 @@ msgstr "" msgid "Client version. Used to determine if server will accept request." msgstr "" -#: ipalib/messages.py:84 -msgid "Additional instructions:" +#: ipalib/parameters.py:408 +msgid "incorrect type" msgstr "" -#: ipalib/messages.py:146 +#: ipalib/parameters.py:411 +msgid "Only one value is allowed" +msgstr "" + +#: ipalib/parameters.py:878 +msgid "this option is deprecated" +msgstr "" + +#: ipalib/parameters.py:996 +msgid "must be True or False" +msgstr "" + +#: ipalib/parameters.py:1094 +msgid "must be an integer" +msgstr "" + +#: ipalib/parameters.py:1144 +#, python-format +msgid "must be at least %(minvalue)d" +msgstr "" + +#: ipalib/parameters.py:1156 +#, python-format +msgid "can be at most %(maxvalue)d" +msgstr "" + +#: ipalib/parameters.py:1174 +msgid "must be a decimal number" +msgstr "" + +#: ipalib/parameters.py:1220 +#, python-format +msgid "must be at least %(minvalue)s" +msgstr "" + +#: ipalib/parameters.py:1232 +#, python-format +msgid "can be at most %(maxvalue)s" +msgstr "" + +#: ipalib/parameters.py:1242 #, python-format msgid "" -"API Version number was not sent, forward compatibility not guaranteed. " -"Assuming server's API version, %(server_version)s" +"number class '%(cls)s' is not included in a list of allowed number classes: " +"%(allowed)s" msgstr "" -#: ipalib/messages.py:158 -msgid "" -"DNS forwarder semantics changed since IPA 4.0.\n" -"You may want to use forward zones (dnsforwardzone-*) instead.\n" -"For more details read the docs." -msgstr "" - -#: ipalib/messages.py:170 +#: ipalib/parameters.py:1365 #, python-format -msgid "" -"DNSSEC support is experimental.\n" -"%(additional_info)s" +msgid "must match pattern \"%(pattern)s\"" msgstr "" -#: ipalib/messages.py:180 +#: ipalib/parameters.py:1385 +msgid "must be binary data" +msgstr "" + +#: ipalib/parameters.py:1404 #, python-format -msgid "'%(option)s' option is deprecated. %(additional_info)s" +msgid "must be at least %(minlength)d bytes" msgstr "" -#: ipalib/messages.py:190 +#: ipalib/parameters.py:1416 #, python-format -msgid "" -"Semantic of %(label)s was changed. %(current_behavior)s\n" -"%(hint)s" +msgid "can be at most %(maxlength)d bytes" msgstr "" -#: ipalib/messages.py:201 +#: ipalib/parameters.py:1428 #, python-format -msgid "DNS server %(server)s: %(error)s." +msgid "must be exactly %(length)d bytes" msgstr "" -#: ipalib/messages.py:211 +#: ipalib/parameters.py:1445 +msgid "must be a certificate" +msgstr "" + +#: ipalib/parameters.py:1481 +msgid "must be a certificate signing request" +msgstr "" + +#: ipalib/parameters.py:1527 #, python-format -msgid "" -"DNS server %(server)s does not support DNSSEC: %(error)s.\n" -"If DNSSEC validation is enabled on IPA server(s), please disable it." +msgid "Failure decoding Certificate Signing Request: %s" msgstr "" -#: ipalib/messages.py:224 +#: ipalib/parameters.py:1551 +msgid "must be Unicode text" +msgstr "" + +#: ipalib/parameters.py:1582 +msgid "Leading and trailing spaces are not allowed" +msgstr "" + +#: ipalib/parameters.py:1592 #, python-format -msgid "" -"forward zone \"%(fwzone)s\" is not effective because of missing proper NS " -"delegation in authoritative zone \"%(authzone)s\". Please add NS record " -"\"%(ns_rec)s\" to parent zone \"%(authzone)s\"." +msgid "must be at least %(minlength)d characters" msgstr "" -#: ipalib/messages.py:238 +#: ipalib/parameters.py:1604 #, python-format -msgid "" -"DNS server %(server)s does not support EDNS0 (RFC 6891): %(error)s.\n" -"If DNSSEC validation is enabled on IPA server(s), please disable it." +msgid "can be at most %(maxlength)d characters" msgstr "" -#: ipalib/messages.py:251 +#: ipalib/parameters.py:1616 #, python-format -msgid "" -"DNSSEC validation failed: %(error)s.\n" -"Please verify your DNSSEC configuration or disable DNSSEC validation on all " -"IPA servers." +msgid "must be exactly %(length)d characters" msgstr "" -#: ipalib/messages.py:265 +#: ipalib/parameters.py:1638 #, python-format -msgid "" -"The _kerberos TXT record from domain %(domain)s could not be created " -"(%(error)s).\n" -"This can happen if the zone is not managed by IPA. Please create the record " -"manually, containing the following value: '%(realm)s'" +msgid "The character %(char)r is not allowed." msgstr "" -#: ipalib/messages.py:281 +#: ipalib/parameters.py:1691 #, python-format -msgid "" -"The _kerberos TXT record from domain %(domain)s could not be removed " -"(%(error)s).\n" -"This can happen if the zone is not managed by IPA. Please remove the record " -"manually." +msgid "must be '%(value)s'" msgstr "" -#: ipalib/messages.py:295 -msgid "" -"No DNSSEC key master is installed. DNSSEC zone signing will not work until " -"the DNSSEC key master is installed." -msgstr "" - -#: ipalib/messages.py:310 +#: ipalib/parameters.py:1694 #, python-format -msgid "" -"Relative record name '%(record)s' contains the zone name '%(zone)s' as a " -"suffix, which results in FQDN '%(fqdn)s'. This is usually a mistake caused " -"by a missing dot at the end of the name specification." +msgid "must be one of %(values)s" msgstr "" -#: ipalib/messages.py:323 +#: ipalib/parameters.py:1811 +msgid "must be datetime value" +msgstr "" + +#: ipalib/parameters.py:1829 +msgid "does not match any of accepted formats: " +msgstr "" + +#: ipalib/parameters.py:2012 +msgid "incomplete time value" +msgstr "" + +#: ipalib/parameters.py:2089 +msgid "must be DNS name" +msgstr "" + +#: ipalib/parameters.py:2117 +msgid "must be absolute" +msgstr "" + +#: ipalib/parameters.py:2123 +msgid "must be relative" +msgstr "" + +#: ipalib/parameters.py:2134 +msgid "must be dictionary" +msgstr "" + +#: ipalib/parameters.py:2143 +msgid "must be Kerberos principal" +msgstr "" + +#: ipalib/parameters.py:2159 #, python-format -msgid "'%(command)s' is deprecated. %(additional_info)s" +msgid "Malformed principal: '%(value)s'" msgstr "" -#: ipalib/messages.py:333 -#, python-format -msgid "%(line)s" -msgstr "" - -#: ipalib/messages.py:343 -#, python-format -msgid "Search result has been truncated: %(reason)s" -msgstr "" - -#: ipalib/messages.py:353 -#, python-format -msgid "" -"Your trust to %(domain)s is broken. Please re-create it by running 'ipa " -"trust-add' again." -msgstr "" - -#: ipalib/messages.py:372 -#, python-format -msgid "DNS record(s) of host %(host)s could not be removed. (%(reason)s)" -msgstr "" - -#: ipalib/messages.py:386 -msgid "" -"Forwarding policy conflicts with some automatic empty zones. Queries for " -"zones specified by RFC 6303 will ignore forwarding and recursion and always " -"result in NXDOMAIN answers. To override this behavior use forward policy " -"'only'." -msgstr "" - -#: ipalib/messages.py:400 -#, python-format -msgid "Update of system record '%(record)s' failed with error: %(error)s" -msgstr "" - -#: ipalib/messages.py:411 -#, python-format -msgid "" -"IPA does not manage the zone %(zone)s, please add records to your DNS server " -"manually" -msgstr "" - -#: ipalib/messages.py:423 -msgid "" -"Automatic update of DNS system records failed. Please re-run update of " -"system records manually to get list of missing records." -msgstr "" - -#: ipalib/messages.py:436 -#, python-format -msgid "" -"Service %(service)s requires restart on IPA server %(server)s to apply " -"configuration changes." -msgstr "" - -#: ipalib/messages.py:448 -#, python-format -msgid "" -"No DNS servers in IPA location %(location)s. Without DNS servers location is " -"not working as expected." -msgstr "" - -#: ipalib/messages.py:475 -#, python-format -msgid "%(subject)s: Malformed certificate. %(reason)s" -msgstr "" - -#: ipalib/messages.py:486 -#, python-format -msgid "The host was added but the DNS update failed with: %(reason)s" -msgstr "" - -#: ipalib/messages.py:496 -#, python-format -msgid "The certificate for %(ca)s is not available on this server." -msgstr "" - -#: ipalib/rpc.py:1110 -msgid "any of the configured servers" -msgstr "" - -#: ipalib/rpc.py:1193 -msgid "Exceeded number of tries to forward a request." -msgstr "" - -#: ipalib/plugable.py:540 -#, python-format -msgid "%(filename)s: file not found" -msgstr "" - -#: ipalib/plugable.py:613 -#, python-brace-format -msgid "Unable to parse option {item}" +#: ipalib/parameters.py:2168 +msgid "Service principal is required" msgstr "" #: ipalib/util.py:213 @@ -13538,171 +13620,9 @@ msgstr "" msgid "realm or UPN suffix overlaps with trusted domain namespace" msgstr "" -#: ipalib/parameters.py:408 -msgid "incorrect type" -msgstr "" - -#: ipalib/parameters.py:411 -msgid "Only one value is allowed" -msgstr "" - -#: ipalib/parameters.py:878 -msgid "this option is deprecated" -msgstr "" - -#: ipalib/parameters.py:996 -msgid "must be True or False" -msgstr "" - -#: ipalib/parameters.py:1094 -msgid "must be an integer" -msgstr "" - -#: ipalib/parameters.py:1144 +#: ipapython/ipaldap.py:1187 #, python-format -msgid "must be at least %(minvalue)d" -msgstr "" - -#: ipalib/parameters.py:1156 -#, python-format -msgid "can be at most %(maxvalue)d" -msgstr "" - -#: ipalib/parameters.py:1174 -msgid "must be a decimal number" -msgstr "" - -#: ipalib/parameters.py:1220 -#, python-format -msgid "must be at least %(minvalue)s" -msgstr "" - -#: ipalib/parameters.py:1232 -#, python-format -msgid "can be at most %(maxvalue)s" -msgstr "" - -#: ipalib/parameters.py:1242 -#, python-format -msgid "" -"number class '%(cls)s' is not included in a list of allowed number classes: " -"%(allowed)s" -msgstr "" - -#: ipalib/parameters.py:1365 -#, python-format -msgid "must match pattern \"%(pattern)s\"" -msgstr "" - -#: ipalib/parameters.py:1385 -msgid "must be binary data" -msgstr "" - -#: ipalib/parameters.py:1404 -#, python-format -msgid "must be at least %(minlength)d bytes" -msgstr "" - -#: ipalib/parameters.py:1416 -#, python-format -msgid "can be at most %(maxlength)d bytes" -msgstr "" - -#: ipalib/parameters.py:1428 -#, python-format -msgid "must be exactly %(length)d bytes" -msgstr "" - -#: ipalib/parameters.py:1445 -msgid "must be a certificate" -msgstr "" - -#: ipalib/parameters.py:1481 -msgid "must be a certificate signing request" -msgstr "" - -#: ipalib/parameters.py:1527 -#, python-format -msgid "Failure decoding Certificate Signing Request: %s" -msgstr "" - -#: ipalib/parameters.py:1551 -msgid "must be Unicode text" -msgstr "" - -#: ipalib/parameters.py:1582 -msgid "Leading and trailing spaces are not allowed" -msgstr "" - -#: ipalib/parameters.py:1592 -#, python-format -msgid "must be at least %(minlength)d characters" -msgstr "" - -#: ipalib/parameters.py:1604 -#, python-format -msgid "can be at most %(maxlength)d characters" -msgstr "" - -#: ipalib/parameters.py:1616 -#, python-format -msgid "must be exactly %(length)d characters" -msgstr "" - -#: ipalib/parameters.py:1638 -#, python-format -msgid "The character %(char)r is not allowed." -msgstr "" - -#: ipalib/parameters.py:1686 -#, python-format -msgid "must be '%(value)s'" -msgstr "" - -#: ipalib/parameters.py:1689 -#, python-format -msgid "must be one of %(values)s" -msgstr "" - -#: ipalib/parameters.py:1806 -msgid "must be datetime value" -msgstr "" - -#: ipalib/parameters.py:1824 -msgid "does not match any of accepted formats: " -msgstr "" - -#: ipalib/parameters.py:2007 -msgid "incomplete time value" -msgstr "" - -#: ipalib/parameters.py:2084 -msgid "must be DNS name" -msgstr "" - -#: ipalib/parameters.py:2112 -msgid "must be absolute" -msgstr "" - -#: ipalib/parameters.py:2118 -msgid "must be relative" -msgstr "" - -#: ipalib/parameters.py:2129 -msgid "must be dictionary" -msgstr "" - -#: ipalib/parameters.py:2138 -msgid "must be Kerberos principal" -msgstr "" - -#: ipalib/parameters.py:2154 -#, python-format -msgid "Malformed principal: '%(value)s'" -msgstr "" - -#: ipalib/parameters.py:2163 -msgid "Service principal is required" +msgid "objectclass %s not found" msgstr "" #: ipapython/dogtag.py:109 @@ -13725,16 +13645,6 @@ msgstr "" msgid "Retrieving CA status failed with status %d" msgstr "" -#: ipapython/ipaldap.py:1187 -#, python-format -msgid "objectclass %s not found" -msgstr "" - -#: ipaserver/install/replication.py:1779 ipaserver/install/replication.py:1798 -#, python-format -msgid "Replication agreement for %(hostname)s not found" -msgstr "" - #: ipaserver/install/certs.py:480 #, python-format msgid "Unable to communicate with CMS (status %d)" @@ -13744,6 +13654,11 @@ msgstr "" msgid "Failed to authenticate to CA REST API" msgstr "" +#: ipaserver/install/replication.py:1779 ipaserver/install/replication.py:1798 +#, python-format +msgid "Replication agreement for %(hostname)s not found" +msgstr "" + #: ipaserver/plugins/automount.py:218 msgid "automount location" msgstr "" @@ -13890,529 +13805,219 @@ msgid_plural "%(count)d automount keys matched" msgstr[0] "" msgstr[1] "" -#: ipaserver/plugins/trust.py:83 +#: ipaserver/plugins/sudorule.py:43 msgid "" "\n" -"Cross-realm trusts\n" -"\n" -"Manage trust relationship between IPA and Active Directory domains.\n" -"\n" -"In order to allow users from a remote domain to access resources in IPA " -"domain,\n" -"trust relationship needs to be established. Currently IPA supports only " -"trusts\n" -"between IPA and Active Directory domains under control of Windows Server " -"2008\n" -"or later, with functional level 2008 or later.\n" -"\n" -"Please note that DNS on both IPA and Active Directory domain sides should " -"be\n" -"configured properly to discover each other. Trust relationship relies on\n" -"ability to discover special resources in the other domain via DNS records.\n" -"\n" -"Examples:\n" -"\n" -"1. Establish cross-realm trust with Active Directory using AD administrator\n" -" credentials:\n" -"\n" -" ipa trust-add --type=ad --admin --password\n" -"\n" -"2. List all existing trust relationships:\n" -"\n" -" ipa trust-find\n" -"\n" -"3. Show details of the specific trust relationship:\n" -"\n" -" ipa trust-show \n" -"\n" -"4. Delete existing trust relationship:\n" -"\n" -" ipa trust-del \n" -"\n" -"Once trust relationship is established, remote users will need to be mapped\n" -"to local POSIX groups in order to actually use IPA resources. The mapping\n" -"should be done via use of external membership of non-POSIX group and then\n" -"this group should be included into one of local POSIX groups.\n" -"\n" -"Example:\n" -"\n" -"1. Create group for the trusted domain admins' mapping and their local " -"POSIX\n" -"group:\n" -"\n" -" ipa group-add --desc=' admins external map' " -"ad_admins_external --external\n" -" ipa group-add --desc=' admins' ad_admins\n" -"\n" -"2. Add security identifier of Domain Admins of the to the\n" -" ad_admins_external group:\n" -"\n" -" ipa group-add-member ad_admins_external --external 'AD\\Domain Admins'\n" -"\n" -"3. Allow members of ad_admins_external group to be associated with\n" -" ad_admins POSIX group:\n" -"\n" -" ipa group-add-member ad_admins --groups ad_admins_external\n" -"\n" -"4. List members of external members of ad_admins_external group to see\n" -" their SIDs:\n" -"\n" -" ipa group-show ad_admins_external\n" -"\n" -"\n" -"GLOBAL TRUST CONFIGURATION\n" -"\n" -"When IPA AD trust subpackage is installed and ipa-adtrust-install is run, a\n" -"local domain configuration (SID, GUID, NetBIOS name) is generated. These\n" -"identifiers are then used when communicating with a trusted domain of the\n" -"particular type.\n" -"\n" -"1. Show global trust configuration for Active Directory type of trusts:\n" -"\n" -" ipa trustconfig-show --type ad\n" -"\n" -"2. Modify global configuration for all trusts of Active Directory type and " -"set\n" -" a different fallback primary group (fallback primary group GID is used as " -"a\n" -" primary user GID if user authenticating to IPA domain does not have any\n" -" other primary GID already set):\n" -"\n" -" ipa trustconfig-mod --type ad --fallback-primary-group \"another AD group" -"\"\n" -"\n" -"3. Change primary fallback group back to default hidden group (any group " -"with\n" -" posixGroup object class is allowed):\n" -"\n" -" ipa trustconfig-mod --type ad --fallback-primary-group \"Default SMB Group" -"\"\n" +"Sudo Rules\n" msgstr "" -#: ipaserver/plugins/trust.py:226 +#: ipaserver/plugins/sudorule.py:45 +msgid "" +"\n" +"Sudo (su \"do\") allows a system administrator to delegate authority to\n" +"give certain users (or groups of users) the ability to run some (or all)\n" +"commands as root or another user while providing an audit trail of the\n" +"commands and their arguments.\n" +msgstr "" + +#: ipaserver/plugins/sudorule.py:50 +msgid "" +"\n" +"IPA provides a means to configure the various aspects of Sudo:\n" +" Users: The user(s)/group(s) allowed to invoke Sudo.\n" +" Hosts: The host(s)/hostgroup(s) which the user is allowed to to invoke " +"Sudo.\n" +" Allow Command: The specific command(s) permitted to be run via Sudo.\n" +" Deny Command: The specific command(s) prohibited to be run via Sudo.\n" +" RunAsUser: The user(s) or group(s) of users whose rights Sudo will be " +"invoked with.\n" +" RunAsGroup: The group(s) whose gid rights Sudo will be invoked with.\n" +" Options: The various Sudoers Options that can modify Sudo's behavior.\n" +msgstr "" + +#: ipaserver/plugins/sudorule.py:59 +msgid "" +"\n" +"An order can be added to a sudorule to control the order in which they\n" +"are evaluated (if the client supports it). This order is an integer and\n" +"must be unique.\n" +msgstr "" + +#: ipaserver/plugins/sudorule.py:63 +msgid "" +"\n" +"IPA provides a designated binddn to use with Sudo located at:\n" +"uid=sudo,cn=sysaccounts,cn=etc,dc=example,dc=com\n" +msgstr "" + +#: ipaserver/plugins/sudorule.py:66 +msgid "" +"\n" +"To enable the binddn run the following command to set the password:\n" +"LDAPTLS_CACERT=/etc/ipa/ca.crt /usr/bin/ldappasswd -S -W -h ipa.example.com -" +"ZZ -D \"cn=Directory Manager\" uid=sudo,cn=sysaccounts,cn=etc,dc=example," +"dc=com\n" +msgstr "" + +#: ipaserver/plugins/sudorule.py:73 +msgid "" +"\n" +" Create a new rule:\n" +" ipa sudorule-add readfiles\n" +msgstr "" + +#: ipaserver/plugins/sudorule.py:76 +msgid "" +"\n" +" Add sudo command object and add it as allowed command in the rule:\n" +" ipa sudocmd-add /usr/bin/less\n" +" ipa sudorule-add-allow-command readfiles --sudocmds /usr/bin/less\n" +msgstr "" + +#: ipaserver/plugins/sudorule.py:80 +msgid "" +"\n" +" Add a host to the rule:\n" +" ipa sudorule-add-host readfiles --hosts server.example.com\n" +msgstr "" + +#: ipaserver/plugins/sudorule.py:83 +msgid "" +"\n" +" Add a user to the rule:\n" +" ipa sudorule-add-user readfiles --users jsmith\n" +msgstr "" + +#: ipaserver/plugins/sudorule.py:86 +msgid "" +"\n" +" Add a special Sudo rule for default Sudo server configuration:\n" +" ipa sudorule-add defaults\n" +msgstr "" + +#: ipaserver/plugins/sudorule.py:89 +msgid "" +"\n" +" Set a default Sudo option:\n" +" ipa sudorule-add-option defaults --sudooption '!authenticate'\n" +msgstr "" + +#: ipaserver/plugins/sudorule.py:92 +msgid "" +"\n" +" Set SELinux type and role transitions on a rule:\n" +" ipa sudorule-add-option sysadmin_sudo --sudooption type=unconfined_t\n" +" ipa sudorule-add-option sysadmin_sudo --sudooption role=unconfined_r\n" +msgstr "" + +#: ipaserver/plugins/sudorule.py:111 +msgid "this option has been deprecated." +msgstr "" + +#: ipaserver/plugins/sudorule.py:139 +msgid "sudo rules" +msgstr "" + +#: ipaserver/plugins/sudorule.py:227 +msgid "Sudo Rules" +msgstr "" + +#: ipaserver/plugins/sudorule.py:228 +msgid "Sudo Rule" +msgstr "" + +#: ipaserver/plugins/sudorule.py:363 +#, python-format +msgid "order must be a unique value (%(order)d already used by %(rule)s)" +msgstr "" + +#: ipaserver/plugins/sudorule.py:394 +#, python-format +msgid "Added Sudo Rule \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/sudorule.py:401 +#, python-format +msgid "Deleted Sudo Rule \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/sudorule.py:408 +#, python-format +msgid "Modified Sudo Rule \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/sudorule.py:428 #, python-format msgid "" -" Alternatively, following servers are capable of running this command: " -"%(masters)s" +"%(type)s category cannot be set to 'all' while there are allowed %(objects)s" msgstr "" -#: ipaserver/plugins/trust.py:239 ipaserver/plugins/trust.py:871 -#: ipaserver/plugins/trust.py:887 ipaserver/plugins/trust.py:908 -#: ipaserver/plugins/trust.py:918 ipaserver/plugins/trust.py:1071 -#: ipaserver/plugins/trust.py:1106 -msgid "AD Trust setup" +#: ipaserver/plugins/sudorule.py:434 ipaserver/plugins/user.py:163 +msgid "users" msgstr "" -#: ipaserver/plugins/trust.py:250 -msgid "" -"Cannot perform the selected command without Samba 4 support installed. Make " -"sure you have installed server-trust-ad sub-package of IPA." +#: ipaserver/plugins/sudorule.py:444 +msgid "command" msgstr "" -#: ipaserver/plugins/trust.py:260 -msgid "" -"Cannot perform the selected command without Samba 4 instance configured on " -"this machine. Make sure you have run ipa-adtrust-install on this server." +#: ipaserver/plugins/sudorule.py:444 +msgid "commands" msgstr "" -#: ipaserver/plugins/trust.py:345 ipaserver/plugins/hbactest.py:408 -msgid "" -"Cannot search in trusted domains without own domain configured. Make sure " -"you have run ipa-adtrust-install on the IPA server first" +#: ipaserver/plugins/sudorule.py:450 +msgid "runAs user" msgstr "" -#: ipaserver/plugins/trust.py:474 -msgid "" -"Fetching domains from trusted forest failed. See details in the error_log" +#: ipaserver/plugins/sudorule.py:450 +msgid "runAs users" msgstr "" -#: ipaserver/plugins/trust.py:487 -msgid "trust" +#: ipaserver/plugins/sudorule.py:455 +msgid "group runAs" msgstr "" -#: ipaserver/plugins/trust.py:488 -msgid "trusts" +#: ipaserver/plugins/sudorule.py:455 +msgid "runAs groups" msgstr "" -#: ipaserver/plugins/trust.py:530 ipaserver/plugins/internal.py:1934 -msgid "Trusts" -msgstr "" - -#: ipaserver/plugins/trust.py:531 -msgid "Trust" -msgstr "" - -#: ipaserver/plugins/trust.py:549 -msgid "SID blocklist incoming" -msgstr "" - -#: ipaserver/plugins/trust.py:553 -msgid "SID blocklist outgoing" -msgstr "" - -#: ipaserver/plugins/trust.py:556 ipaserver/plugins/internal.py:1527 -msgid "Trust direction" -msgstr "" - -#: ipaserver/plugins/trust.py:560 ipaserver/plugins/internal.py:1529 -msgid "Trust type" -msgstr "" - -#: ipaserver/plugins/trust.py:564 ipaserver/plugins/internal.py:1528 -msgid "Trust status" -msgstr "" - -#: ipaserver/plugins/trust.py:569 -msgid "UPN suffixes" -msgstr "" - -#: ipaserver/plugins/trust.py:586 -#, python-brace-format -msgid "invalid SID: {SID}" -msgstr "" - -#: ipaserver/plugins/trust.py:654 -msgid "" -"\n" -"Add new trust to use.\n" -"\n" -"This command establishes trust relationship to another domain\n" -"which becomes 'trusted'. As result, users of the trusted domain\n" -"may access resources of this domain.\n" -"\n" -"Only trusts to Active Directory domains are supported right now.\n" -"\n" -"The command can be safely run multiple times against the same domain,\n" -"this will cause change to trust relationship credentials on both\n" -"sides.\n" -"\n" -"Note that if the command was previously run with a specific range type,\n" -"or with automatic detection of the range type, and you want to configure a\n" -"different range type, you may need to delete first the ID range using\n" -"ipa idrange-del before retrying the command with the desired range type.\n" -" " -msgstr "" - -#: ipaserver/plugins/trust.py:674 ipaserver/plugins/idrange.py:205 -msgid "Active Directory domain range" -msgstr "" - -#: ipaserver/plugins/trust.py:675 ipaserver/plugins/idrange.py:206 -msgid "Active Directory trust range with POSIX attributes" -msgstr "" - -#: ipaserver/plugins/trust.py:712 -msgid "Type of trusted domain ID range, one of allowed values" -msgstr "" - -#: ipaserver/plugins/trust.py:724 -msgid "External trust" -msgstr "" - -#: ipaserver/plugins/trust.py:726 -msgid "" -"Establish external trust to a domain in another forest. The trust is not " -"transitive beyond the domain." -msgstr "" - -#: ipaserver/plugins/trust.py:732 +#: ipaserver/plugins/sudorule.py:476 #, python-format -msgid "Added Active Directory trust for realm \"%(value)s\"" -msgstr "" - -#: ipaserver/plugins/trust.py:733 -#, python-format -msgid "Re-established trust to domain \"%(value)s\"" -msgstr "" - -#: ipaserver/plugins/trust.py:829 -msgid "missing base_id" -msgstr "" - -#: ipaserver/plugins/trust.py:831 -msgid "pysss_murmur is not available on the server and no base-id is given." -msgstr "" - -#: ipaserver/plugins/trust.py:841 -msgid "trust type" -msgstr "" - -#: ipaserver/plugins/trust.py:842 -msgid "only \"ad\" is supported" -msgstr "" - -#: ipaserver/plugins/trust.py:848 ipaserver/plugins/certmap.py:141 -#: ipaserver/plugins/certmap.py:148 ipaserver/plugins/certmap.py:175 -msgid "domain" -msgstr "" - -#: ipaserver/plugins/trust.py:849 -msgid "" -"Cannot establish a trust to AD deployed in the same domain as IPA. Such " -"setup is not supported." -msgstr "" - -#: ipaserver/plugins/trust.py:862 -msgid "Realm-domain mismatch" -msgstr "" - -#: ipaserver/plugins/trust.py:863 -msgid "" -"To establish trust with Active Directory, the domain name and the realm name " -"of the IPA server must match" -msgstr "" - -#: ipaserver/plugins/trust.py:873 ipaserver/plugins/group.py:625 -#: ipaserver/plugins/group.py:682 -msgid "" -"Cannot perform join operation without own domain configured. Make sure you " -"have run ipa-adtrust-install on the IPA server first" -msgstr "" - -#: ipaserver/plugins/trust.py:889 -#, python-format -msgid "" -"Trusted domain %(domain)s is included among IPA realm domains. It needs to " -"be removed prior to establishing the trust. See the \"ipa realmdomains-mod --" -"del-domain\" command." -msgstr "" - -#: ipaserver/plugins/trust.py:910 -msgid "Trusted domain and administrator account use different realms" -msgstr "" - -#: ipaserver/plugins/trust.py:919 -msgid "Realm administrator password should be specified" -msgstr "" - -#: ipaserver/plugins/trust.py:940 -msgid "id range type" -msgstr "" - -#: ipaserver/plugins/trust.py:942 -msgid "" -"Only the ipa-ad-trust and ipa-ad-trust-posix are allowed values for --range-" -"type when adding an AD trust." -msgstr "" - -#: ipaserver/plugins/trust.py:952 -msgid "id range" -msgstr "" - -#: ipaserver/plugins/trust.py:954 -msgid "" -"An id range already exists for this trust. You should either delete the old " -"range, or exclude --base-id/--range-size options from the command." -msgstr "" - -#: ipaserver/plugins/trust.py:976 -msgid "range exists" -msgstr "" - -#: ipaserver/plugins/trust.py:978 -msgid "" -"ID range with the same name but different domain SID already exists. The ID " -"range for the new trusted domain must be created manually." -msgstr "" - -#: ipaserver/plugins/trust.py:986 -msgid "range type change" -msgstr "" - -#: ipaserver/plugins/trust.py:987 -msgid "" -"ID range for the trusted domain already exists, but it has a different type. " -"Please remove the old range manually, or do not enforce type via --range-" -"type option." -msgstr "" - -#: ipaserver/plugins/trust.py:1025 -#, python-brace-format -msgid "Unable to resolve domain controller for {domain} domain. " -msgstr "" - -#: ipaserver/plugins/trust.py:1039 -msgid "" -"Forward policy is defined for it in IPA DNS, perhaps forwarder points to " -"incorrect host?" -msgstr "" - -#: ipaserver/plugins/trust.py:1045 -#, python-brace-format -msgid "" -"IPA manages DNS, please verify your DNS configuration and make sure that " -"service records of the '{domain}' domain can be resolved. Examples how to " -"configure DNS with CLI commands or the Web UI can be found in the " -"documentation. " -msgstr "" - -#: ipaserver/plugins/trust.py:1057 -#, python-brace-format -msgid "" -"Since IPA does not manage DNS records, ensure DNS is configured to resolve " -"'{domain}' domain from IPA hosts and back." -msgstr "" - -#: ipaserver/plugins/trust.py:1072 -msgid "Unable to verify write permissions to the AD" -msgstr "" - -#: ipaserver/plugins/trust.py:1107 -msgid "Not enough arguments specified to perform trust setup" -msgstr "" - -#: ipaserver/plugins/trust.py:1115 -#, python-format -msgid "Deleted trust \"%(value)s\"" -msgstr "" - -#: ipaserver/plugins/trust.py:1120 -msgid "" -"\n" -" Modify a trust (for future use).\n" -"\n" -" Currently only the default option to modify the LDAP attributes is\n" -" available. More specific options will be added in coming releases.\n" -" " -msgstr "" - -#: ipaserver/plugins/trust.py:1127 -#, python-format -msgid "Modified trust \"%(value)s\" (change will be effective in 60 seconds)" -msgstr "" - -#: ipaserver/plugins/trust.py:1145 -#, python-format -msgid "%(count)d trust matched" -msgid_plural "%(count)d trusts matched" +msgid "%(count)d Sudo Rule matched" +msgid_plural "%(count)d Sudo Rules matched" msgstr[0] "" msgstr[1] "" -#: ipaserver/plugins/trust.py:1234 -msgid "trust configuration" +#: ipaserver/plugins/sudorule.py:548 +msgid "commands cannot be added when command category='all'" msgstr "" -#: ipaserver/plugins/trust.py:1240 ipaserver/plugins/trust.py:1241 -msgid "Global Trust Configuration" +#: ipaserver/plugins/sudorule.py:599 ipaserver/plugins/caacl.py:397 +#: ipaserver/plugins/selinuxusermap.py:564 ipaserver/plugins/hbacrule.py:518 +msgid "users cannot be added when user category='all'" msgstr "" -#: ipaserver/plugins/trust.py:1266 -msgid "IPA AD trust agents" +#: ipaserver/plugins/sudorule.py:702 ipaserver/plugins/caacl.py:429 +#: ipaserver/plugins/selinuxusermap.py:597 ipaserver/plugins/hbacrule.py:549 +msgid "hosts cannot be added when host category='all'" msgstr "" -#: ipaserver/plugins/trust.py:1267 -msgid "IPA servers configured as AD trust agents" +#: ipaserver/plugins/sudorule.py:810 ipaserver/plugins/sudorule.py:932 +msgid "users cannot be added when runAs user or runAs group category='all'" msgstr "" -#: ipaserver/plugins/trust.py:1272 -msgid "IPA AD trust controllers" -msgstr "" - -#: ipaserver/plugins/trust.py:1273 -msgid "IPA servers configured as AD trust controllers" -msgstr "" - -#: ipaserver/plugins/trust.py:1287 -msgid "unsupported trust type" -msgstr "" - -#: ipaserver/plugins/trust.py:1354 +#: ipaserver/plugins/sudorule.py:817 #, python-format -msgid "Modified \"%(value)s\" trust configuration" +msgid "RunAsUser does not accept '%(name)s' as a user name" msgstr "" -#: ipaserver/plugins/trust.py:1418 ipaserver/plugins/ca.py:84 -#: ipaserver/plugins/schema.py:54 -msgid "Name" -msgstr "" - -#: ipaserver/plugins/trust.py:1419 -msgid "SID" -msgstr "" - -#: ipaserver/plugins/trust.py:1545 -msgid "sidgen_was_run" -msgstr "" - -#: ipaserver/plugins/trust.py:1547 -msgid "" -"This command relies on the existence of the \"editors\" group, but this " -"group was not found." -msgstr "" - -#: ipaserver/plugins/trust.py:1566 -msgid "trust domain" -msgstr "" - -#: ipaserver/plugins/trust.py:1567 -msgid "trust domains" -msgstr "" - -#: ipaserver/plugins/trust.py:1575 -msgid "Trusted domains" -msgstr "" - -#: ipaserver/plugins/trust.py:1576 -msgid "Trusted domain" -msgstr "" - -#: ipaserver/plugins/trust.py:1590 -msgid "Domain enabled" -msgstr "" - -#: ipaserver/plugins/trust.py:1662 +#: ipaserver/plugins/sudorule.py:825 #, python-format -msgid "Removed information about the trusted domain \"%(value)s\"" +msgid "RunAsUser does not accept '%(name)s' as a group name" msgstr "" -#: ipaserver/plugins/trust.py:1680 -msgid "" -"cannot delete root domain of the trust, use trust-del to delete the trust " -"itself" -msgstr "" - -#: ipaserver/plugins/trust.py:1828 -msgid "" -"List of trust domains successfully refreshed. Use trustdomain-find command " -"to list them." -msgstr "" - -#: ipaserver/plugins/trust.py:1836 -msgid "Configure this server as a trust agent." -msgstr "" - -#: ipaserver/plugins/trust.py:1852 -msgid "Enable support for trusted domains for old clients" -msgstr "" - -#: ipaserver/plugins/trust.py:1862 ipaserver/plugins/server.py:914 +#: ipaserver/plugins/sudorule.py:939 #, python-format -msgid "must be \"%s\"" -msgstr "" - -#: ipaserver/plugins/trust.py:1868 -msgid "not allowed to remotely add agent" -msgstr "" - -#: ipaserver/plugins/trust.py:1904 -#, python-format -msgid "Enabled trust domain \"%(value)s\"" -msgstr "" - -#: ipaserver/plugins/trust.py:1913 -msgid "Root domain of the trust is always enabled for the existing trust" -msgstr "" - -#: ipaserver/plugins/trust.py:1946 -#, python-format -msgid "Disabled trust domain \"%(value)s\"" -msgstr "" - -#: ipaserver/plugins/trust.py:1955 -msgid "" -"cannot disable root domain of the trust, use trust-del to delete the trust " -"itself" +msgid "RunAsGroup does not accept '%(name)s' as a group name" msgstr "" #: ipaserver/plugins/caacl.py:21 @@ -14566,11 +14171,6 @@ msgstr "" msgid "%i users or groups added." msgstr "" -#: ipaserver/plugins/caacl.py:397 ipaserver/plugins/hbacrule.py:518 -#: ipaserver/plugins/selinuxusermap.py:564 ipaserver/plugins/sudorule.py:593 -msgid "users cannot be added when user category='all'" -msgstr "" - #: ipaserver/plugins/caacl.py:407 #, python-format msgid "%i user or group removed." @@ -14591,11 +14191,6 @@ msgstr "" msgid "%i hosts or hostgroups added." msgstr "" -#: ipaserver/plugins/caacl.py:429 ipaserver/plugins/hbacrule.py:549 -#: ipaserver/plugins/selinuxusermap.py:597 ipaserver/plugins/sudorule.py:647 -msgid "hosts cannot be added when host category='all'" -msgstr "" - #: ipaserver/plugins/caacl.py:439 #, python-format msgid "%i host or hostgroup removed." @@ -14686,270 +14281,120 @@ msgstr "" msgid "%i CAs removed." msgstr "" -#: ipaserver/plugins/certmap.py:50 +#: ipaserver/plugins/domainlevel.py:69 +#, python-brace-format msgid "" -"\n" -"Certificate Identity Mapping\n" +"Domain Level cannot be raised to {0}, existing replication conflicts have to " +"be resolved." msgstr "" -#: ipaserver/plugins/certmap.py:52 -msgid "" -"\n" -"Manage Certificate Identity Mapping configuration and rules.\n" +#: ipaserver/plugins/domainlevel.py:112 +msgid "Server does not support domain level functionality" msgstr "" -#: ipaserver/plugins/certmap.py:54 -msgid "" -"\n" -"IPA supports the use of certificates for authentication. Certificates can\n" -"either be stored in the user entry (full certificate in the usercertificate\n" -"attribute), or simply linked to the user entry through a mapping.\n" -"This code enables the management of the rules allowing to link a\n" -"certificate to a user entry.\n" +#: ipaserver/plugins/domainlevel.py:147 +msgid "Domain Level cannot be lowered." msgstr "" -#: ipaserver/plugins/certmap.py:62 -msgid "" -"\n" -" Display the Certificate Identity Mapping global configuration:\n" -" ipa certmapconfig-show\n" +#: ipaserver/plugins/domainlevel.py:155 +#, python-brace-format +msgid "Domain Level cannot be raised to {0}, server {1} does not support it." msgstr "" -#: ipaserver/plugins/certmap.py:65 +#: ipaserver/plugins/otptoken.py:42 msgid "" "\n" -" Modify Certificate Identity Mapping global configuration:\n" -" ipa certmapconfig-mod --promptusername=TRUE\n" +"OTP Tokens\n" msgstr "" -#: ipaserver/plugins/certmap.py:68 +#: ipaserver/plugins/otptoken.py:44 msgid "" "\n" -" Create a new Certificate Identity Mapping Rule:\n" -" ipa certmaprule-add rule1 --desc=\"Link certificate with subject and " -"issuer\"\n" +"Manage OTP tokens.\n" msgstr "" -#: ipaserver/plugins/certmap.py:71 +#: ipaserver/plugins/otptoken.py:46 msgid "" "\n" -" Modify a Certificate Identity Mapping Rule:\n" -" ipa certmaprule-mod rule1 --maprule=\"\"\n" +"IPA supports the use of OTP tokens for multi-factor authentication. This\n" +"code enables the management of OTP tokens.\n" msgstr "" -#: ipaserver/plugins/certmap.py:74 +#: ipaserver/plugins/otptoken.py:51 msgid "" "\n" -" Disable a Certificate Identity Mapping Rule:\n" -" ipa certmaprule-disable rule1\n" +" Add a new token:\n" +" ipa otptoken-add --type=totp --owner=jdoe --desc=\"My soft token\"\n" msgstr "" -#: ipaserver/plugins/certmap.py:77 +#: ipaserver/plugins/otptoken.py:54 msgid "" "\n" -" Enable a Certificate Identity Mapping Rule:\n" -" ipa certmaprule-enable rule1\n" +" Examine the token:\n" +" ipa otptoken-show a93db710-a31a-4639-8647-f15b2c70b78a\n" msgstr "" -#: ipaserver/plugins/certmap.py:80 +#: ipaserver/plugins/otptoken.py:57 msgid "" "\n" -" Display information about a Certificate Identity Mapping Rule:\n" -" ipa certmaprule-show rule1\n" +" Change the vendor:\n" +" ipa otptoken-mod a93db710-a31a-4639-8647-f15b2c70b78a --vendor=\"Red Hat" +"\"\n" msgstr "" -#: ipaserver/plugins/certmap.py:83 +#: ipaserver/plugins/otptoken.py:60 msgid "" "\n" -" Find all Certificate Identity Mapping Rules with the specified domain:\n" -" ipa certmaprule-find --domain example.com\n" +" Delete a token:\n" +" ipa otptoken-del a93db710-a31a-4639-8647-f15b2c70b78a\n" msgstr "" -#: ipaserver/plugins/certmap.py:86 -msgid "" -"\n" -" Delete a Certificate Identity Mapping Rule:\n" -" ipa certmaprule-del rule1\n" +#: ipaserver/plugins/otptoken.py:137 +msgid "OTP token" msgstr "" -#: ipaserver/plugins/certmap.py:142 +#: ipaserver/plugins/otptoken.py:138 +msgid "OTP tokens" +msgstr "" + +#: ipaserver/plugins/otptoken.py:154 +msgid "OTP Tokens" +msgstr "" + +#: ipaserver/plugins/otptoken.py:155 +msgid "OTP Token" +msgstr "" + +#: ipaserver/plugins/otptoken.py:272 +msgid "URI" +msgstr "" + +#: ipaserver/plugins/otptoken.py:281 #, python-format -msgid "" -"The domain(s) \"%s\" cannot be used to apply altSecurityIdentities check." +msgid "Added OTP token \"%(value)s\"" msgstr "" -#: ipaserver/plugins/certmap.py:149 -msgid "" -"The mapping rule with altSecurityIdentities should be applied to a trusted " -"Active Directory domain but no domain was associated with the rule." +#: ipaserver/plugins/otptoken.py:335 +msgid "cannot be empty" msgstr "" -#: ipaserver/plugins/certmap.py:176 +#: ipaserver/plugins/otptoken.py:367 #, python-format -msgid "The domain %s is neither IPA domain nor a trusteddomain." +msgid "Deleted OTP token \"%(value)s\"" msgstr "" -#: ipaserver/plugins/certmap.py:186 -msgid "Certificate Identity Mapping configuration options" -msgstr "" - -#: ipaserver/plugins/certmap.py:191 ipaserver/plugins/certmap.py:192 -msgid "Certificate Identity Mapping Global Configuration" -msgstr "" - -#: ipaserver/plugins/certmap.py:198 -msgid "Prompt for the username" -msgstr "" - -#: ipaserver/plugins/certmap.py:199 -msgid "" -"Prompt for the username when multiple identities are mapped to a certificate" -msgstr "" - -#: ipaserver/plugins/certmap.py:229 -msgid "Modify Certificate Identity Mapping configuration." -msgstr "" - -#: ipaserver/plugins/certmap.py:234 -msgid "Show the current Certificate Identity Mapping configuration." -msgstr "" - -#: ipaserver/plugins/certmap.py:243 ipaserver/plugins/certmap.py:247 -msgid "Certificate Identity Mapping Rules" -msgstr "" - -#: ipaserver/plugins/certmap.py:244 ipaserver/plugins/certmap.py:246 -msgid "Certificate Identity Mapping Rule" -msgstr "" - -#: ipaserver/plugins/certmap.py:274 -msgid "Certificate Identity Mapping Rule name" -msgstr "" - -#: ipaserver/plugins/certmap.py:280 -msgid "Certificate Identity Mapping Rule description" -msgstr "" - -#: ipaserver/plugins/certmap.py:285 -msgid "Mapping rule" -msgstr "" - -#: ipaserver/plugins/certmap.py:286 -msgid "Rule used to map the certificate with a user entry" -msgstr "" - -#: ipaserver/plugins/certmap.py:291 -msgid "Matching rule" -msgstr "" - -#: ipaserver/plugins/certmap.py:292 -msgid "Rule used to check if a certificate can be used for authentication" -msgstr "" - -#: ipaserver/plugins/certmap.py:299 -msgid "Domain where the user entry will be searched" -msgstr "" - -#: ipaserver/plugins/certmap.py:305 -msgid "Priority of the rule (higher number means lower priority" -msgstr "" - -#: ipaserver/plugins/certmap.py:356 -msgid "Create a new Certificate Identity Mapping Rule." -msgstr "" - -#: ipaserver/plugins/certmap.py:358 +#: ipaserver/plugins/otptoken.py:373 #, python-format -msgid "Added Certificate Identity Mapping Rule \"%(value)s\"" +msgid "Modified OTP token \"%(value)s\"" msgstr "" -#: ipaserver/plugins/certmap.py:369 -msgid "Modify a Certificate Identity Mapping Rule." -msgstr "" - -#: ipaserver/plugins/certmap.py:371 +#: ipaserver/plugins/otptoken.py:422 #, python-format -msgid "Modified Certificate Identity Mapping Rule \"%(value)s\"" -msgstr "" - -#: ipaserver/plugins/certmap.py:392 -msgid "Search for Certificate Identity Mapping Rules." -msgstr "" - -#: ipaserver/plugins/certmap.py:395 -#, python-format -msgid "%(count)d Certificate Identity Mapping Rule matched" -msgid_plural "%(count)d Certificate Identity Mapping Rules matched" +msgid "%(count)d OTP token matched" +msgid_plural "%(count)d OTP tokens matched" msgstr[0] "" msgstr[1] "" -#: ipaserver/plugins/certmap.py:402 -msgid "Display information about a Certificate Identity Mapping Rule." -msgstr "" - -#: ipaserver/plugins/certmap.py:408 -msgid "Delete a Certificate Identity Mapping Rule." -msgstr "" - -#: ipaserver/plugins/certmap.py:410 -#, python-format -msgid "Deleted Certificate Identity Mapping Rule \"%(value)s\"" -msgstr "" - -#: ipaserver/plugins/certmap.py:415 -msgid "Enable a Certificate Identity Mapping Rule." -msgstr "" - -#: ipaserver/plugins/certmap.py:417 -#, python-format -msgid "Enabled Certificate Identity Mapping Rule \"%(value)s\"" -msgstr "" - -#: ipaserver/plugins/certmap.py:444 -msgid "Disable a Certificate Identity Mapping Rule." -msgstr "" - -#: ipaserver/plugins/certmap.py:446 -#, python-format -msgid "Disabled Certificate Identity Mapping Rule \"%(value)s\"" -msgstr "" - -#: ipaserver/plugins/certmap.py:500 -msgid "Failed to connect to sssd over SystemBus. See details in the error_log" -msgstr "" - -#: ipaserver/plugins/certmap.py:554 -msgid "Failed to find users over SystemBus. See details in the error_log" -msgstr "" - -#: ipaserver/plugins/certmap.py:571 -msgid "User logins" -msgstr "" - -#: ipaserver/plugins/certmap.py:579 -msgid "" -"\n" -" Search for users matching the provided certificate.\n" -"\n" -" This command relies on SSSD to retrieve the list of matching users and\n" -" may return cached data. For more information on purging SSSD cache,\n" -" please refer to sss_cache documentation.\n" -" " -msgstr "" - -#: ipaserver/plugins/certmap.py:587 -#, python-format -msgid "%(count)s user matched" -msgid_plural "%(count)s users matched" -msgstr[0] "" -msgstr[1] "" - -#: ipaserver/plugins/certmap.py:606 ipaserver/plugins/idviews.py:1021 -#: ipaserver/plugins/baseuser.py:399 ipaserver/plugins/baseuser.py:839 -msgid "Base-64 encoded user certificate" -msgstr "" - #: ipaserver/plugins/dnsserver.py:35 msgid "" "\n" @@ -15254,8 +14699,8 @@ msgid "sn is required" msgstr "" #: ipaserver/plugins/stageuser.py:329 ipaserver/plugins/stageuser.py:533 -#: ipaserver/plugins/user.py:558 ipaserver/plugins/baseuser.py:567 -#: ipaserver/plugins/host.py:681 +#: ipaserver/plugins/host.py:687 ipaserver/plugins/baseuser.py:567 +#: ipaserver/plugins/user.py:558 #, python-format msgid "can be at most %(len)d characters" msgstr "" @@ -15345,466 +14790,1022 @@ msgstr "" msgid "Remove one or more certificate mappings from the stage user entry." msgstr "" -#: ipaserver/plugins/ca.py:20 +#: ipaserver/plugins/topology.py:24 msgid "" "\n" -"Manage Certificate Authorities\n" +"Topology\n" +"\n" +"Management of a replication topology at domain level 1.\n" msgstr "" -#: ipaserver/plugins/ca.py:22 +#: ipaserver/plugins/topology.py:28 msgid "" "\n" -"Subordinate Certificate Authorities (Sub-CAs) can be added for scoped " -"issuance\n" -"of X.509 certificates.\n" +"IPA server's data is stored in LDAP server in two suffixes:\n" +"* domain suffix, e.g., 'dc=example,dc=com', contains all domain related " +"data\n" +"* ca suffix, 'o=ipaca', is present only on server with CA installed. It\n" +" contains data for Certificate Server component\n" msgstr "" -#: ipaserver/plugins/ca.py:25 +#: ipaserver/plugins/topology.py:33 msgid "" "\n" -"CAs are enabled on creation, but their use is subject to CA ACLs unless the\n" -"operator has permission to bypass CA ACLs.\n" +"Data stored on IPA servers is replicated to other IPA servers. The way it " +"is\n" +"replicated is defined by replication agreements. Replication agreements " +"needs\n" +"to be set for both suffixes separately. On domain level 0 they are managed\n" +"using ipa-replica-manage and ipa-csreplica-manage tools. With domain level " +"1\n" +"they are managed centrally using `ipa topology*` commands.\n" msgstr "" -#: ipaserver/plugins/ca.py:28 +#: ipaserver/plugins/topology.py:39 msgid "" "\n" -"All CAs except the 'IPA' CA can be disabled or re-enabled. Disabling a CA\n" -"prevents it from issuing certificates but does not affect the validity of " -"its\n" -"certificate.\n" +"Agreements are represented by topology segments. By default topology " +"segment\n" +"represents 2 replication agreements - one for each direction, e.g., A to B " +"and\n" +"B to A. Creation of unidirectional segments is not allowed.\n" msgstr "" -#: ipaserver/plugins/ca.py:32 +#: ipaserver/plugins/topology.py:43 msgid "" "\n" -"CAs (all except the 'IPA' CA) can be deleted. Deleting a CA causes its " -"signing\n" -"certificate to be revoked and its private key deleted.\n" +"To verify that no server is disconnected in the topology of the given " +"suffix,\n" +"use:\n" +" ipa topologysuffix-verify $suffix\n" msgstr "" -#: ipaserver/plugins/ca.py:37 +#: ipaserver/plugins/topology.py:47 msgid "" "\n" -" Create new CA, subordinate to the IPA CA (requires permission\n" -" \"System: Add CA\"):\n" "\n" -" ipa ca-add puppet --desc \"Puppet\" \\\n" -" --subject \"CN=Puppet CA,O=EXAMPLE.COM\"\n" +"Examples:\n" +" Find all IPA servers:\n" +" ipa server-find\n" msgstr "" -#: ipaserver/plugins/ca.py:43 +#: ipaserver/plugins/topology.py:52 msgid "" "\n" -" Disable a CA (requires permission \"System: Modify CA\"):\n" -"\n" -" ipa ca-disable puppet\n" +" Find all suffixes:\n" +" ipa topologysuffix-find\n" msgstr "" -#: ipaserver/plugins/ca.py:47 +#: ipaserver/plugins/topology.py:55 msgid "" "\n" -" Re-enable a CA (requires permission \"System: Modify CA\"):\n" -"\n" -" ipa ca-enable puppet\n" +" Add topology segment to 'domain' suffix:\n" +" ipa topologysegment-add domain --left IPA_SERVER_A --right IPA_SERVER_B\n" msgstr "" -#: ipaserver/plugins/ca.py:51 +#: ipaserver/plugins/topology.py:58 msgid "" "\n" -" Delete a CA (requires permission \"System: Delete CA\"; also requires\n" -" CA to be disabled first):\n" +" Add topology segment to 'ca' suffix:\n" +" ipa topologysegment-add ca --left IPA_SERVER_A --right IPA_SERVER_B\n" +msgstr "" + +#: ipaserver/plugins/topology.py:61 +msgid "" "\n" -" ipa ca-del puppet\n" +" List all topology segments in 'domain' suffix:\n" +" ipa topologysegment-find domain\n" msgstr "" -#: ipaserver/plugins/ca.py:68 ipaserver/plugins/ca.py:78 -msgid "Certificate Authority" +#: ipaserver/plugins/topology.py:64 +msgid "" +"\n" +" List all topology segments in 'ca' suffix:\n" +" ipa topologysegment-find ca\n" msgstr "" -#: ipaserver/plugins/ca.py:69 ipaserver/plugins/ca.py:77 -msgid "Certificate Authorities" +#: ipaserver/plugins/topology.py:67 +msgid "" +"\n" +" Delete topology segment in 'domain' suffix:\n" +" ipa topologysegment-del domain segment_name\n" msgstr "" -#: ipaserver/plugins/ca.py:85 -msgid "Name for referencing the CA" +#: ipaserver/plugins/topology.py:70 +msgid "" +"\n" +" Delete topology segment in 'ca' suffix:\n" +" ipa topologysegment-del ca segment_name\n" msgstr "" -#: ipaserver/plugins/ca.py:90 -msgid "Description of the purpose of the CA" +#: ipaserver/plugins/topology.py:73 +msgid "" +"\n" +" Verify topology of 'domain' suffix:\n" +" ipa topologysuffix-verify domain\n" msgstr "" -#: ipaserver/plugins/ca.py:94 -msgid "Authority ID" +#: ipaserver/plugins/topology.py:76 +msgid "" +"\n" +" Verify topology of 'ca' suffix:\n" +" ipa topologysuffix-verify ca\n" msgstr "" -#: ipaserver/plugins/ca.py:95 -msgid "Dogtag Authority ID" +#: ipaserver/plugins/topology.py:92 +#, python-brace-format +msgid "Topology management requires minimum domain level {0} " msgstr "" -#: ipaserver/plugins/ca.py:100 ipaserver/plugins/ca.py:286 -msgid "Subject DN" +#: ipaserver/plugins/topology.py:104 +msgid "segment" msgstr "" -#: ipaserver/plugins/ca.py:101 -msgid "Subject Distinguished Name" +#: ipaserver/plugins/topology.py:105 +msgid "segments" msgstr "" -#: ipaserver/plugins/ca.py:106 ipaserver/plugins/cert.py:426 -msgid "Issuer DN" +#: ipaserver/plugins/topology.py:119 +msgid "Topology Segments" msgstr "" -#: ipaserver/plugins/ca.py:107 -msgid "Issuer Distinguished Name" +#: ipaserver/plugins/topology.py:120 +msgid "Topology Segment" msgstr "" -#: ipaserver/plugins/ca.py:113 ipaserver/plugins/cert.py:354 -msgid "Base-64 encoded certificate." -msgstr "" - -#: ipaserver/plugins/ca.py:118 ipaserver/plugins/cert.py:359 -msgid "Certificate chain" -msgstr "" - -#: ipaserver/plugins/ca.py:119 ipaserver/plugins/cert.py:360 -msgid "X.509 certificate chain" -msgstr "" - -#: ipaserver/plugins/ca.py:218 -msgid "Search for CAs." -msgstr "" - -#: ipaserver/plugins/ca.py:220 +#: ipaserver/plugins/topology.py:226 #, python-format -msgid "%(count)d CA matched" -msgid_plural "%(count)d CAs matched" +msgid "left node is not a topology node: %(leftnode)s" +msgstr "" + +#: ipaserver/plugins/topology.py:233 +#, python-format +msgid "right node is not a topology node: %(rightnode)s" +msgstr "" + +#: ipaserver/plugins/topology.py:250 +msgid "left node and right node must not be the same" +msgstr "" + +#: ipaserver/plugins/topology.py:261 +#, python-brace-format +msgid "left node ({host}) does not support suffix '{suff}'" +msgstr "" + +#: ipaserver/plugins/topology.py:269 +#, python-brace-format +msgid "right node ({host}) does not support suffix '{suff}'" +msgstr "" + +#: ipaserver/plugins/topology.py:280 +#, python-format +msgid "%(count)d segment matched" +msgid_plural "%(count)d segments matched" msgstr[0] "" msgstr[1] "" -#: ipaserver/plugins/ca.py:237 ipaserver/plugins/cert.py:599 -msgid "Include certificate chain in output" -msgstr "" - -#: ipaserver/plugins/ca.py:243 -msgid "Display the properties of a CA." -msgstr "" - -#: ipaserver/plugins/ca.py:260 -msgid "Create a CA." -msgstr "" - -#: ipaserver/plugins/ca.py:261 +#: ipaserver/plugins/topology.py:289 #, python-format -msgid "Created CA \"%(value)s\"" +msgid "Added segment \"%(value)s\"" msgstr "" -#: ipaserver/plugins/ca.py:271 +#: ipaserver/plugins/topology.py:302 #, python-format -msgid "Insufficient 'add' privilege for entry '%s'." +msgid "Deleted segment \"%(value)s\"" msgstr "" -#: ipaserver/plugins/ca.py:287 +#: ipaserver/plugins/topology.py:314 #, python-format -msgid "Unrecognized attributes: %(attrs)s" +msgid "Modified segment \"%(value)s\"" msgstr "" -#: ipaserver/plugins/ca.py:302 +#: ipaserver/plugins/topology.py:329 #, python-format -msgid "Subject DN is already used by CA '%s'" +msgid "%(value)s" msgstr "" -#: ipaserver/plugins/ca.py:326 -msgid "Delete a CA (must be disabled first)." +#: ipaserver/plugins/topology.py:365 +msgid "left or right node has to be specified" msgstr "" -#: ipaserver/plugins/ca.py:328 +#: ipaserver/plugins/topology.py:370 +msgid "only one node can be specified" +msgstr "" + +#: ipaserver/plugins/topology.py:374 #, python-format -msgid "Deleted CA \"%(value)s\"" +msgid "Replication refresh for segment: \"%(pkey)s\" requested." msgstr "" -#: ipaserver/plugins/ca.py:337 -msgid "Insufficient privilege to delete a CA." -msgstr "" - -#: ipaserver/plugins/ca.py:341 ipaserver/plugins/ca.py:350 -#: ipaserver/plugins/ca.py:369 ipaserver/plugins/ca.py:409 -#: ipaserver/plugins/internal.py:636 -msgid "CA" -msgstr "" - -#: ipaserver/plugins/ca.py:343 -msgid "IPA CA cannot be deleted" -msgstr "" - -#: ipaserver/plugins/ca.py:352 -msgid "Must be disabled first" -msgstr "" - -#: ipaserver/plugins/ca.py:360 -msgid "Modify CA configuration." -msgstr "" - -#: ipaserver/plugins/ca.py:361 +#: ipaserver/plugins/topology.py:377 #, python-format -msgid "Modified CA \"%(value)s\"" +msgid "Stopping of replication refresh for segment: \"%(pkey)s\" requested." msgstr "" -#: ipaserver/plugins/ca.py:387 -msgid "Insufficient privilege to modify a CA." +#: ipaserver/plugins/topology.py:408 +msgid "suffixes" msgstr "" -#: ipaserver/plugins/ca.py:403 -msgid "Disable a CA." +#: ipaserver/plugins/topology.py:412 +msgid "Topology suffixes" msgstr "" -#: ipaserver/plugins/ca.py:404 +#: ipaserver/plugins/topology.py:413 +msgid "Topology suffix" +msgstr "" + +#: ipaserver/plugins/topology.py:435 #, python-format -msgid "Disabled CA \"%(value)s\"" -msgstr "" +msgid "%(count)d topology suffix matched" +msgid_plural "%(count)d topology suffixes matched" +msgstr[0] "" +msgstr[1] "" -#: ipaserver/plugins/ca.py:411 -msgid "IPA CA cannot be disabled" -msgstr "" - -#: ipaserver/plugins/ca.py:421 -msgid "Enable a CA." -msgstr "" - -#: ipaserver/plugins/ca.py:422 +#: ipaserver/plugins/topology.py:446 #, python-format -msgid "Enabled CA \"%(value)s\"" +msgid "Deleted topology suffix \"%(value)s\"" msgstr "" -#: ipaserver/plugins/virtual.py:57 -msgid "operation not defined" -msgstr "" - -#: ipaserver/plugins/virtual.py:82 +#: ipaserver/plugins/topology.py:460 #, python-format -msgid "not allowed to perform operation: %s" +msgid "Added topology suffix \"%(value)s\"" msgstr "" -#: ipaserver/plugins/virtual.py:84 -msgid "No such virtual command" +#: ipaserver/plugins/topology.py:474 +#, python-format +msgid "Modified topology suffix \"%(value)s\"" msgstr "" -#: ipaserver/plugins/hbactest.py:39 ipaserver/plugins/cert.py:64 -msgid "pyhbac is not installed." -msgstr "" - -#: ipaserver/plugins/hbactest.py:45 +#: ipaserver/plugins/topology.py:489 msgid "" "\n" -"Simulate use of Host-based access controls\n" +"Verify replication topology for suffix.\n" "\n" -"HBAC rules control who can access what services on what hosts.\n" -"You can use HBAC to control which users or groups can access a service,\n" -"or group of services, on a target host.\n" +"Checks done:\n" +" 1. check if a topology is not disconnected. In other words if there are\n" +" replication paths between all servers.\n" +" 2. check if servers don't have more than the recommended number of\n" +" replication agreements\n" +msgstr "" + +#: ipaserver/plugins/host.py:74 +msgid "" "\n" -"Since applying HBAC rules implies use of a production environment,\n" -"this plugin aims to provide simulation of HBAC rules evaluation without\n" -"having access to the production environment.\n" +"Hosts/Machines\n" "\n" -" Test user coming to a service on a named host against\n" -" existing enabled rules.\n" +"A host represents a machine. It can be used in a number of contexts:\n" +"- service entries are associated with a host\n" +"- a host stores the host/ service principal\n" +"- a host can be used in Host-based Access Control (HBAC) rules\n" +"- every enrolled client generates a host entry\n" +msgstr "" + +#: ipaserver/plugins/host.py:82 +msgid "" "\n" -" ipa hbactest --user= --host= --service=\n" -" [--rules=rules-list] [--nodetail] [--enabled] [--disabled]\n" -" [--sizelimit= ]\n" +"ENROLLMENT:\n" "\n" -" --user, --host, and --service are mandatory, others are optional.\n" +"There are three enrollment scenarios when enrolling a new client:\n" "\n" -" If --rules is specified simulate enabling of the specified rules and test\n" -" the login of the user using only these rules.\n" +"1. You are enrolling as a full administrator. The host entry may exist\n" +" or not. A full administrator is a member of the hostadmin role\n" +" or the admins group.\n" +"2. You are enrolling as a limited administrator. The host must already\n" +" exist. A limited administrator is a member a role with the\n" +" Host Enrollment privilege.\n" +"3. The host has been created with a one-time password.\n" +msgstr "" + +#: ipaserver/plugins/host.py:94 +msgid "" "\n" -" If --enabled is specified, all enabled HBAC rules will be added to " -"simulation\n" +"RE-ENROLLMENT:\n" "\n" -" If --disabled is specified, all disabled HBAC rules will be added to " -"simulation\n" +"Host that has been enrolled at some point, and lost its configuration (e.g. " +"VM\n" +"destroyed) can be re-enrolled.\n" "\n" -" If --nodetail is specified, do not return information about rules matched/" -"not matched.\n" +"For more information, consult the manual pages for ipa-client-install.\n" "\n" -" If both --rules and --enabled are specified, apply simulation to --rules " -"_and_\n" -" all IPA enabled rules.\n" +"A host can optionally store information such as where it is located,\n" +"the OS that it runs, etc.\n" +msgstr "" + +#: ipaserver/plugins/host.py:106 +msgid "" "\n" -" If no --rules specified, simulation is run against all IPA enabled rules.\n" -" By default there is a IPA-wide limit to number of entries fetched, you can " -"change it\n" -" with --sizelimit option.\n" +" Add a new host:\n" +" ipa host-add --location=\"3rd floor lab\" --locality=Dallas test.example." +"com\n" +msgstr "" + +#: ipaserver/plugins/host.py:109 +msgid "" +"\n" +" Delete a host:\n" +" ipa host-del test.example.com\n" +msgstr "" + +#: ipaserver/plugins/host.py:112 +msgid "" +"\n" +" Add a new host with a one-time password:\n" +" ipa host-add --os='Fedora 12' --password=Secret123 test.example.com\n" +msgstr "" + +#: ipaserver/plugins/host.py:115 +msgid "" +"\n" +" Add a new host with a random one-time password:\n" +" ipa host-add --os='Fedora 12' --random test.example.com\n" +msgstr "" + +#: ipaserver/plugins/host.py:118 +msgid "" +"\n" +" Modify information about a host:\n" +" ipa host-mod --os='Fedora 12' test.example.com\n" +msgstr "" + +#: ipaserver/plugins/host.py:121 +msgid "" +"\n" +" Remove SSH public keys of a host and update DNS to reflect this change:\n" +" ipa host-mod --sshpubkey= --updatedns test.example.com\n" +msgstr "" + +#: ipaserver/plugins/host.py:124 +msgid "" +"\n" +" Disable the host Kerberos key, SSL certificate and all of its services:\n" +" ipa host-disable test.example.com\n" +msgstr "" + +#: ipaserver/plugins/host.py:127 +msgid "" +"\n" +" Add a host that can manage this host's keytab and certificate:\n" +" ipa host-add-managedby --hosts=test2 test\n" +msgstr "" + +#: ipaserver/plugins/host.py:130 +msgid "" +"\n" +" Allow user to create a keytab:\n" +" ipa host-allow-create-keytab test2 --users=tuser1\n" +msgstr "" + +#: ipaserver/plugins/host.py:457 ipaserver/plugins/internal.py:1161 +#: ipaserver/plugins/internal.py:1282 +msgid "Host" +msgstr "" + +#: ipaserver/plugins/host.py:509 +msgid "Base-64 encoded host certificate" +msgstr "" + +#: ipaserver/plugins/host.py:512 ipaserver/plugins/cert.py:365 +#: ipaserver/plugins/cert.py:1502 ipaserver/plugins/internal.py:653 +#: ipaserver/plugins/internal.py:729 ipaserver/plugins/service.py:497 +#: ipaserver/plugins/baseuser.py:831 +msgid "Subject" +msgstr "" + +#: ipaserver/plugins/host.py:516 ipaserver/plugins/internal.py:696 +#: ipaserver/plugins/service.py:501 +msgid "Serial Number" +msgstr "" + +#: ipaserver/plugins/host.py:520 ipaserver/plugins/internal.py:697 +#: ipaserver/plugins/service.py:505 +msgid "Serial Number (hex)" +msgstr "" + +#: ipaserver/plugins/host.py:524 ipaserver/plugins/cert.py:425 +#: ipaserver/plugins/internal.py:726 ipaserver/plugins/service.py:509 +#: ipaserver/plugins/baseuser.py:824 +msgid "Issuer" +msgstr "" + +#: ipaserver/plugins/host.py:528 ipaserver/plugins/cert.py:431 +#: ipaserver/plugins/service.py:513 +msgid "Not Before" +msgstr "" + +#: ipaserver/plugins/host.py:532 ipaserver/plugins/cert.py:436 +#: ipaserver/plugins/service.py:517 +msgid "Not After" +msgstr "" + +#: ipaserver/plugins/host.py:536 ipaserver/plugins/cert.py:441 +#: ipaserver/plugins/service.py:521 +msgid "Fingerprint (SHA1)" +msgstr "" + +#: ipaserver/plugins/host.py:540 ipaserver/plugins/cert.py:446 +#: ipaserver/plugins/service.py:525 +msgid "Fingerprint (SHA256)" +msgstr "" + +#: ipaserver/plugins/host.py:544 ipaserver/plugins/cert.py:1283 +#: ipaserver/plugins/internal.py:650 ipaserver/plugins/internal.py:691 +#: ipaserver/plugins/service.py:529 +msgid "Revocation reason" +msgstr "" + +#: ipaserver/plugins/host.py:557 ipaserver/plugins/service.py:484 +#: ipaserver/plugins/baseuser.py:257 +msgid "Principal alias" +msgstr "" + +#: ipaserver/plugins/host.py:576 ipaserver/plugins/baseuser.py:353 +msgid "SSH public key fingerprint" +msgstr "" + +#: ipaserver/plugins/host.py:592 ipaserver/plugins/service.py:543 +msgid "Authentication Indicators" +msgstr "" + +#: ipaserver/plugins/host.py:593 ipaserver/plugins/service.py:544 +msgid "" +"Defines an allow list for Authentication Indicators. Use 'otp' to allow OTP-" +"based 2FA authentications. Use 'radius' to allow RADIUS-based 2FA " +"authentications. Use 'pkinit' to allow PKINIT-based 2FA authentications. Use " +"'hardened' to allow brute-force hardened password authentication by SPAKE or " +"FAST. With no indicator specified, all authentication mechanisms are allowed." +msgstr "" + +#: ipaserver/plugins/host.py:663 +#, python-format +msgid "Added host \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/host.py:785 +#, python-format +msgid "Deleted host \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/host.py:790 +msgid "Remove A, AAAA, SSHFP and PTR records of the host(s) managed by IPA DNS" +msgstr "" + +#: ipaserver/plugins/host.py:869 +msgid "No A, AAAA, SSHFP or PTR records found." +msgstr "" + +#: ipaserver/plugins/host.py:885 +#, python-format +msgid "Modified host \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/host.py:905 +msgid "Password cannot be set on enrolled host." +msgstr "" + +#: ipaserver/plugins/host.py:909 +msgid "cn is immutable" +msgstr "" + +#: ipaserver/plugins/host.py:1033 +#, python-format +msgid "%(count)d host matched" +msgid_plural "%(count)d hosts matched" +msgstr[0] "" +msgstr[1] "" + +#: ipaserver/plugins/host.py:1188 +#, python-format +msgid "Disabled host \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/host.py:1363 +#, python-format +msgid "Added certificates to host \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/host.py:1370 +#, python-format +msgid "Removed certificates from host \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/host.py:1386 +msgid "Add new principal alias to host entry" +msgstr "" + +#: ipaserver/plugins/host.py:1387 +#, python-format +msgid "Added new aliases to host \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/host.py:1398 +msgid "Remove principal alias from a host entry" +msgstr "" + +#: ipaserver/plugins/host.py:1399 +#, python-format +msgid "Removed aliases from host \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/hostgroup.py:35 +msgid "" +"\n" +"Groups of hosts.\n" +"\n" +"Manage groups of hosts. This is useful for applying access control to a\n" +"number of hosts by using Host-based Access Control.\n" "\n" "EXAMPLES:\n" "\n" -" 1. Use all enabled HBAC rules in IPA database to simulate:\n" -" $ ipa hbactest --user=a1a --host=bar --service=sshd\n" -" --------------------\n" -" Access granted: True\n" -" --------------------\n" -" Not matched rules: my-second-rule\n" -" Not matched rules: my-third-rule\n" -" Not matched rules: myrule\n" -" Matched rules: allow_all\n" +" Add a new host group:\n" +" ipa hostgroup-add --desc=\"Baltimore hosts\" baltimore\n" "\n" -" 2. Disable detailed summary of how rules were applied:\n" -" $ ipa hbactest --user=a1a --host=bar --service=sshd --nodetail\n" -" --------------------\n" -" Access granted: True\n" -" --------------------\n" +" Add another new host group:\n" +" ipa hostgroup-add --desc=\"Maryland hosts\" maryland\n" "\n" -" 3. Test explicitly specified HBAC rules:\n" -" $ ipa hbactest --user=a1a --host=bar --service=sshd \\\\\n" -" --rules=myrule --rules=my-second-rule\n" -" ---------------------\n" -" Access granted: False\n" -" ---------------------\n" -" Not matched rules: my-second-rule\n" -" Not matched rules: myrule\n" +" Add members to the hostgroup (using Bash brace expansion):\n" +" ipa hostgroup-add-member --hosts={box1,box2,box3} baltimore\n" "\n" -" 4. Use all enabled HBAC rules in IPA database + explicitly specified " -"rules:\n" -" $ ipa hbactest --user=a1a --host=bar --service=sshd \\\\\n" -" --rules=myrule --rules=my-second-rule --enabled\n" -" --------------------\n" -" Access granted: True\n" -" --------------------\n" -" Not matched rules: my-second-rule\n" -" Not matched rules: my-third-rule\n" -" Not matched rules: myrule\n" -" Matched rules: allow_all\n" +" Add a hostgroup as a member of another hostgroup:\n" +" ipa hostgroup-add-member --hostgroups=baltimore maryland\n" "\n" -" 5. Test all disabled HBAC rules in IPA database:\n" -" $ ipa hbactest --user=a1a --host=bar --service=sshd --disabled\n" -" ---------------------\n" -" Access granted: False\n" -" ---------------------\n" -" Not matched rules: new-rule\n" +" Remove a host from the hostgroup:\n" +" ipa hostgroup-remove-member --hosts=box2 baltimore\n" "\n" -" 6. Test all disabled HBAC rules in IPA database + explicitly specified " -"rules:\n" -" $ ipa hbactest --user=a1a --host=bar --service=sshd \\\\\n" -" --rules=myrule --rules=my-second-rule --disabled\n" -" ---------------------\n" -" Access granted: False\n" -" ---------------------\n" -" Not matched rules: my-second-rule\n" -" Not matched rules: my-third-rule\n" -" Not matched rules: myrule\n" +" Display a host group:\n" +" ipa hostgroup-show baltimore\n" "\n" -" 7. Test all (enabled and disabled) HBAC rules in IPA database:\n" -" $ ipa hbactest --user=a1a --host=bar --service=sshd \\\\\n" -" --enabled --disabled\n" -" --------------------\n" -" Access granted: True\n" -" --------------------\n" -" Not matched rules: my-second-rule\n" -" Not matched rules: my-third-rule\n" -" Not matched rules: myrule\n" -" Not matched rules: new-rule\n" -" Matched rules: allow_all\n" +" Add a member manager:\n" +" ipa hostgroup-add-member-manager --users=user1 baltimore\n" "\n" +" Remove a member manager\n" +" ipa hostgroup-remove-member-manager --users=user1 baltimore\n" "\n" -"HBACTEST AND TRUSTED DOMAINS\n" -"\n" -"When an external trusted domain is configured in IPA, HBAC rules are also " -"applied\n" -"on users accessing IPA resources from the trusted domain. Trusted domain " -"users and\n" -"groups (and their SIDs) can be then assigned to external groups which can " -"be\n" -"members of POSIX groups in IPA which can be used in HBAC rules and thus " -"allowing\n" -"access to resources protected by the HBAC system.\n" -"\n" -"hbactest plugin is capable of testing access for both local IPA users and " -"users\n" -"from the trusted domains, either by a fully qualified user name or by user " -"SID.\n" -"Such user names need to have a trusted domain specified as a short name\n" -"(DOMAIN\\Administrator) or with a user principal name (UPN), " -"Administrator@ad.test.\n" -"\n" -"Please note that hbactest executed with a trusted domain user as --user " -"parameter\n" -"can be only run by members of \"trust admins\" group.\n" -"\n" -"EXAMPLES:\n" -"\n" -" 1. Test if a user from a trusted domain specified by its shortname " -"matches any\n" -" rule:\n" -"\n" -" $ ipa hbactest --user 'DOMAIN\\Administrator' --host `hostname` --" -"service sshd\n" -" --------------------\n" -" Access granted: True\n" -" --------------------\n" -" Matched rules: allow_all\n" -" Matched rules: can_login\n" -"\n" -" 2. Test if a user from a trusted domain specified by its domain name " -"matches\n" -" any rule:\n" -"\n" -" $ ipa hbactest --user 'Administrator@domain.com' --host `hostname` --" -"service sshd\n" -" --------------------\n" -" Access granted: True\n" -" --------------------\n" -" Matched rules: allow_all\n" -" Matched rules: can_login\n" -"\n" -" 3. Test if a user from a trusted domain specified by its SID matches any " -"rule:\n" -"\n" -" $ ipa hbactest --user S-1-5-21-3035198329-144811719-1378114514-500 \\\\\n" -" --host `hostname` --service sshd\n" -" --------------------\n" -" Access granted: True\n" -" --------------------\n" -" Matched rules: allow_all\n" -" Matched rules: can_login\n" -"\n" -" 4. Test if other user from a trusted domain specified by its SID matches " -"any rule:\n" -"\n" -" $ ipa hbactest --user S-1-5-21-3035198329-144811719-1378114514-1203 \\" -"\\\n" -" --host `hostname` --service sshd\n" -" --------------------\n" -" Access granted: True\n" -" --------------------\n" -" Matched rules: allow_all\n" -" Not matched rules: can_login\n" -"\n" -" 5. Test if other user from a trusted domain specified by its shortname " -"matches\n" -" any rule:\n" -"\n" -" $ ipa hbactest --user 'DOMAIN\\Otheruser' --host `hostname` --service " -"sshd\n" -" --------------------\n" -" Access granted: True\n" -" --------------------\n" -" Matched rules: allow_all\n" -" Not matched rules: can_login\n" +" Delete a hostgroup:\n" +" ipa hostgroup-del baltimore\n" msgstr "" -#: ipaserver/plugins/hbactest.py:384 -msgid "Unresolved rules in --rules" +#: ipaserver/plugins/hostgroup.py:107 +msgid "host groups" msgstr "" -#: ipaserver/plugins/hbactest.py:402 ipaserver/plugins/group.py:620 -#: ipaserver/plugins/group.py:677 -msgid "" -"Cannot perform external member validation without Samba 4 support installed. " -"Make sure you have installed server-trust-ad sub-package of IPA on the server" +#: ipaserver/plugins/hostgroup.py:179 +msgid "Host Group" msgstr "" -#: ipaserver/plugins/hbactest.py:497 +#: ipaserver/plugins/hostgroup.py:223 #, python-format -msgid "Access granted: %s" +msgid "Added hostgroup \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/hostgroup.py:239 +#, python-format +msgid "" +"netgroup with name \"%s\" already exists. Hostgroups and netgroups share a " +"common namespace" +msgstr "" + +#: ipaserver/plugins/hostgroup.py:262 +#, python-format +msgid "Deleted hostgroup \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/hostgroup.py:266 ipaserver/plugins/hostgroup.py:284 +#: ipaserver/plugins/hostgroup.py:349 +msgid "hostgroup" +msgstr "" + +#: ipaserver/plugins/hostgroup.py:268 ipaserver/plugins/hostgroup.py:286 +msgid "privileged hostgroup" +msgstr "" + +#: ipaserver/plugins/hostgroup.py:278 +#, python-format +msgid "Modified hostgroup \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/hostgroup.py:303 +#, python-format +msgid "%(count)d hostgroup matched" +msgid_plural "%(count)d hostgroups matched" +msgstr[0] "" +msgstr[1] "" + +#: ipaserver/plugins/hostgroup.py:362 +msgid "Add users that can manage members of this hostgroup." +msgstr "" + +#: ipaserver/plugins/hostgroup.py:372 +msgid "Remove users that can manage members of this hostgroup." +msgstr "" + +#: ipaserver/plugins/vault.py:54 +msgid "" +"\n" +"Vaults\n" +msgstr "" + +#: ipaserver/plugins/vault.py:56 +msgid "" +"\n" +"Manage vaults.\n" +msgstr "" + +#: ipaserver/plugins/vault.py:58 +msgid "" +"\n" +"Vault is a secure place to store a secret. One vault can only\n" +"store one secret. When archiving a secret in a vault, the\n" +"existing secret (if any) is overwritten.\n" +msgstr "" + +#: ipaserver/plugins/vault.py:62 +msgid "" +"\n" +"Based on the ownership there are three vault categories:\n" +"* user/private vault\n" +"* service vault\n" +"* shared vault\n" +msgstr "" + +#: ipaserver/plugins/vault.py:67 +msgid "" +"\n" +"User vaults are vaults owned used by a particular user. Private\n" +"vaults are vaults owned the current user. Service vaults are\n" +"vaults owned by a service. Shared vaults are owned by the admin\n" +"but they can be used by other users or services.\n" +msgstr "" + +#: ipaserver/plugins/vault.py:72 +msgid "" +"\n" +"Based on the security mechanism there are three types of\n" +"vaults:\n" +"* standard vault\n" +"* symmetric vault\n" +"* asymmetric vault\n" +msgstr "" + +#: ipaserver/plugins/vault.py:78 +msgid "" +"\n" +"Standard vault uses a secure mechanism to transport and\n" +"store the secret. The secret can only be retrieved by users\n" +"that have access to the vault.\n" +msgstr "" + +#: ipaserver/plugins/vault.py:82 +msgid "" +"\n" +"Symmetric vault is similar to the standard vault, but it\n" +"pre-encrypts the secret using a password before transport.\n" +"The secret can only be retrieved using the same password.\n" +msgstr "" + +#: ipaserver/plugins/vault.py:86 +msgid "" +"\n" +"Asymmetric vault is similar to the standard vault, but it\n" +"pre-encrypts the secret using a public key before transport.\n" +"The secret can only be retrieved using the private key.\n" +msgstr "" + +#: ipaserver/plugins/vault.py:92 +msgid "" +"\n" +" List vaults:\n" +" ipa vault-find\n" +" [--user |--service |--shared]\n" +msgstr "" + +#: ipaserver/plugins/vault.py:96 +msgid "" +"\n" +" Add a standard vault:\n" +" ipa vault-add \n" +" [--user |--service |--shared]\n" +" --type standard\n" +msgstr "" + +#: ipaserver/plugins/vault.py:101 +msgid "" +"\n" +" Add a symmetric vault:\n" +" ipa vault-add \n" +" [--user |--service |--shared]\n" +" --type symmetric --password-file password.txt\n" +msgstr "" + +#: ipaserver/plugins/vault.py:106 +msgid "" +"\n" +" Add an asymmetric vault:\n" +" ipa vault-add \n" +" [--user |--service |--shared]\n" +" --type asymmetric --public-key-file public.pem\n" +msgstr "" + +#: ipaserver/plugins/vault.py:111 +msgid "" +"\n" +" Show a vault:\n" +" ipa vault-show \n" +" [--user |--service |--shared]\n" +msgstr "" + +#: ipaserver/plugins/vault.py:115 +msgid "" +"\n" +" Modify vault description:\n" +" ipa vault-mod \n" +" [--user |--service |--shared]\n" +" --desc \n" +msgstr "" + +#: ipaserver/plugins/vault.py:120 +msgid "" +"\n" +" Modify vault type:\n" +" ipa vault-mod \n" +" [--user |--service |--shared]\n" +" --type \n" +" [old password/private key]\n" +" [new password/public key]\n" +msgstr "" + +#: ipaserver/plugins/vault.py:127 +msgid "" +"\n" +" Modify symmetric vault password:\n" +" ipa vault-mod \n" +" [--user |--service |--shared]\n" +" --change-password\n" +" ipa vault-mod \n" +" [--user |--service |--shared]\n" +" --old-password \n" +" --new-password \n" +" ipa vault-mod \n" +" [--user |--service |--shared]\n" +" --old-password-file \n" +" --new-password-file \n" +msgstr "" + +#: ipaserver/plugins/vault.py:140 +msgid "" +"\n" +" Modify asymmetric vault keys:\n" +" ipa vault-mod \n" +" [--user |--service |--shared]\n" +" --private-key-file \n" +" --public-key-file \n" +msgstr "" + +#: ipaserver/plugins/vault.py:146 +msgid "" +"\n" +" Delete a vault:\n" +" ipa vault-del \n" +" [--user |--service |--shared]\n" +msgstr "" + +#: ipaserver/plugins/vault.py:150 +msgid "" +"\n" +" Display vault configuration:\n" +" ipa vaultconfig-show\n" +msgstr "" + +#: ipaserver/plugins/vault.py:153 +msgid "" +"\n" +" Archive data into standard vault:\n" +" ipa vault-archive \n" +" [--user |--service |--shared]\n" +" --in \n" +msgstr "" + +#: ipaserver/plugins/vault.py:158 +msgid "" +"\n" +" Archive data into symmetric vault:\n" +" ipa vault-archive \n" +" [--user |--service |--shared]\n" +" --in \n" +" --password-file password.txt\n" +msgstr "" + +#: ipaserver/plugins/vault.py:164 +msgid "" +"\n" +" Archive data into asymmetric vault:\n" +" ipa vault-archive \n" +" [--user |--service |--shared]\n" +" --in \n" +msgstr "" + +#: ipaserver/plugins/vault.py:169 +msgid "" +"\n" +" Retrieve data from standard vault:\n" +" ipa vault-retrieve \n" +" [--user |--service |--shared]\n" +" --out \n" +msgstr "" + +#: ipaserver/plugins/vault.py:174 +msgid "" +"\n" +" Retrieve data from symmetric vault:\n" +" ipa vault-retrieve \n" +" [--user |--service |--shared]\n" +" --out \n" +" --password-file password.txt\n" +msgstr "" + +#: ipaserver/plugins/vault.py:180 +msgid "" +"\n" +" Retrieve data from asymmetric vault:\n" +" ipa vault-retrieve \n" +" [--user |--service |--shared]\n" +" --out --private-key-file private.pem\n" +msgstr "" + +#: ipaserver/plugins/vault.py:185 +msgid "" +"\n" +" Add vault owners:\n" +" ipa vault-add-owner \n" +" [--user |--service |--shared]\n" +" [--users ] [--groups ] [--services ]\n" +msgstr "" + +#: ipaserver/plugins/vault.py:190 +msgid "" +"\n" +" Delete vault owners:\n" +" ipa vault-remove-owner \n" +" [--user |--service |--shared]\n" +" [--users ] [--groups ] [--services ]\n" +msgstr "" + +#: ipaserver/plugins/vault.py:195 +msgid "" +"\n" +" Add vault members:\n" +" ipa vault-add-member \n" +" [--user |--service |--shared]\n" +" [--users ] [--groups ] [--services ]\n" +msgstr "" + +#: ipaserver/plugins/vault.py:200 +msgid "" +"\n" +" Delete vault members:\n" +" ipa vault-remove-member \n" +" [--user |--service |--shared]\n" +" [--users ] [--groups ] [--services ]\n" +msgstr "" + +#: ipaserver/plugins/vault.py:252 +msgid "" +"\n" +" Vault Container object.\n" +" " +msgstr "" + +#: ipaserver/plugins/vault.py:258 +msgid "vaultcontainer" +msgstr "" + +#: ipaserver/plugins/vault.py:259 +msgid "vaultcontainers" +msgstr "" + +#: ipaserver/plugins/vault.py:267 +msgid "Vault Containers" +msgstr "" + +#: ipaserver/plugins/vault.py:268 +msgid "Vault Container" +msgstr "" + +#: ipaserver/plugins/vault.py:357 +msgid "Service, shared and user options cannot be specified simultaneously" +msgstr "" + +#: ipaserver/plugins/vault.py:367 ipaserver/plugins/vault.py:683 +msgid "Host is not supported" +msgstr "" + +#: ipaserver/plugins/vault.py:409 ipaserver/plugins/vault.py:433 +#: ipaserver/plugins/vault.py:786 ipaserver/plugins/vault.py:824 +#: ipaserver/plugins/vault.py:880 ipaserver/plugins/vault.py:936 +#: ipaserver/plugins/vault.py:958 ipaserver/plugins/vault.py:1000 +#: ipaserver/plugins/vault.py:1044 ipaserver/plugins/vault.py:1113 +msgid "KRA service is not enabled" +msgstr "" + +#: ipaserver/plugins/vault.py:424 +msgid "Deleted vault container" +msgstr "" + +#: ipaserver/plugins/vault.py:449 ipaserver/plugins/vault.py:474 +#: ipaserver/plugins/vault.py:1164 ipaserver/plugins/vault.py:1189 +#, python-format +msgid "owner %s" +msgstr "" + +#: ipaserver/plugins/vault.py:494 +msgid "" +"\n" +" Vault object.\n" +" " +msgstr "" + +#: ipaserver/plugins/vault.py:500 +msgid "vault" +msgstr "" + +#: ipaserver/plugins/vault.py:501 +msgid "vaults" +msgstr "" + +#: ipaserver/plugins/vault.py:524 +msgid "Vaults" +msgstr "" + +#: ipaserver/plugins/vault.py:525 +msgid "Vault" +msgstr "" + +#: ipaserver/plugins/vault.py:668 +msgid "Service, shared, and user options cannot be specified simultaneously" +msgstr "" + +#: ipaserver/plugins/vault.py:772 +msgid "Add a vault." +msgstr "" + +#: ipaserver/plugins/vault.py:778 +#, python-format +msgid "Added vault \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/vault.py:817 +#, python-format +msgid "Deleted vault \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/vault.py:869 +#, python-format +msgid "%(count)d vault matched" +msgid_plural "%(count)d vaults matched" +msgstr[0] "" +msgstr[1] "" + +#: ipaserver/plugins/vault.py:887 +msgid "" +"Service(s), shared, and user(s) options cannot be specified simultaneously" +msgstr "" + +#: ipaserver/plugins/vault.py:927 +#, python-format +msgid "Modified vault \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/vault.py:969 +msgid "Vault configuration" +msgstr "" + +#: ipaserver/plugins/vault.py:978 ipaserver/plugins/config.py:302 +msgid "IPA KRA servers" +msgstr "" + +#: ipaserver/plugins/vault.py:979 +msgid "IPA servers configured as key recovery agents" +msgstr "" + +#: ipaserver/plugins/vault.py:1038 +#, python-format +msgid "Archived data into vault \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/vault.py:1094 +msgid "Retrieve data from a vault." +msgstr "" + +#: ipaserver/plugins/vault.py:1107 +#, python-format +msgid "Retrieved data from vault \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/vault.py:1133 +msgid "No archived data." +msgstr "" + +#: ipaserver/plugins/vault.py:1223 +msgid "Checks if any of the servers has the KRA service enabled" msgstr "" #: ipaserver/plugins/netgroup.py:103 @@ -16015,6 +16016,2833 @@ msgid_plural "%(count)d RADIUS proxy servers matched" msgstr[0] "" msgstr[1] "" +#: ipaserver/plugins/cert.py:64 ipaserver/plugins/hbactest.py:39 +msgid "pyhbac is not installed." +msgstr "" + +#: ipaserver/plugins/cert.py:69 +msgid "" +"\n" +"IPA certificate operations\n" +msgstr "" + +#: ipaserver/plugins/cert.py:71 +msgid "" +"\n" +"Implements a set of commands for managing server SSL certificates.\n" +msgstr "" + +#: ipaserver/plugins/cert.py:73 +msgid "" +"\n" +"Certificate requests exist in the form of a Certificate Signing Request " +"(CSR)\n" +"in PEM format.\n" +msgstr "" + +#: ipaserver/plugins/cert.py:76 +msgid "" +"\n" +"The dogtag CA uses just the CN value of the CSR and forces the rest of the\n" +"subject to values configured in the server.\n" +msgstr "" + +#: ipaserver/plugins/cert.py:79 +msgid "" +"\n" +"A certificate is stored with a service principal and a service principal\n" +"needs a host.\n" +msgstr "" + +#: ipaserver/plugins/cert.py:82 +msgid "" +"\n" +"In order to request a certificate:\n" +msgstr "" + +#: ipaserver/plugins/cert.py:84 +msgid "" +"\n" +"* The host must exist\n" +"* The service must exist (or you use the --add option to automatically add " +"it)\n" +msgstr "" + +#: ipaserver/plugins/cert.py:87 +msgid "" +"\n" +"SEARCHING:\n" +msgstr "" + +#: ipaserver/plugins/cert.py:89 +msgid "" +"\n" +"Certificates may be searched on by certificate subject, serial number,\n" +"revocation reason, validity dates and the issued date.\n" +msgstr "" + +#: ipaserver/plugins/cert.py:92 +msgid "" +"\n" +"When searching on dates the _from date does a >= search and the _to date\n" +"does a <= search. When combined these are done as an AND.\n" +msgstr "" + +#: ipaserver/plugins/cert.py:95 +msgid "" +"\n" +"Dates are treated as GMT to match the dates in the certificates.\n" +msgstr "" + +#: ipaserver/plugins/cert.py:97 +msgid "" +"\n" +"The date format is YYYY-mm-dd.\n" +msgstr "" + +#: ipaserver/plugins/cert.py:101 +msgid "" +"\n" +" Request a new certificate and add the principal:\n" +" ipa cert-request --add --principal=HTTP/lion.example.com example.csr\n" +msgstr "" + +#: ipaserver/plugins/cert.py:104 +msgid "" +"\n" +" Retrieve an existing certificate:\n" +" ipa cert-show 1032\n" +msgstr "" + +#: ipaserver/plugins/cert.py:107 +msgid "" +"\n" +" Revoke a certificate (see RFC 5280 for reason details):\n" +" ipa cert-revoke --revocation-reason=6 1032\n" +msgstr "" + +#: ipaserver/plugins/cert.py:110 +msgid "" +"\n" +" Remove a certificate from revocation hold status:\n" +" ipa cert-remove-hold 1032\n" +msgstr "" + +#: ipaserver/plugins/cert.py:113 +msgid "" +"\n" +" Check the status of a signing request:\n" +" ipa cert-status 10\n" +msgstr "" + +#: ipaserver/plugins/cert.py:116 +msgid "" +"\n" +" Search for certificates by hostname:\n" +" ipa cert-find --subject=ipaserver.example.com\n" +msgstr "" + +#: ipaserver/plugins/cert.py:119 +msgid "" +"\n" +" Search for revoked certificates by reason:\n" +" ipa cert-find --revocation-reason=5\n" +msgstr "" + +#: ipaserver/plugins/cert.py:122 +msgid "" +"\n" +" Search for certificates based on issuance date\n" +" ipa cert-find --issuedon-from=2013-02-01 --issuedon-to=2013-02-07\n" +msgstr "" + +#: ipaserver/plugins/cert.py:125 +msgid "" +"\n" +" Search for certificates owned by a specific user:\n" +" ipa cert-find --user=user\n" +msgstr "" + +#: ipaserver/plugins/cert.py:128 +msgid "" +"\n" +" Examine a certificate:\n" +" ipa cert-find --file=cert.pem --all\n" +msgstr "" + +#: ipaserver/plugins/cert.py:131 +msgid "" +"\n" +" Verify that a certificate is owned by a specific user:\n" +" ipa cert-find --file=cert.pem --user=user\n" +msgstr "" + +#: ipaserver/plugins/cert.py:134 +msgid "" +"\n" +"IPA currently immediately issues (or declines) all certificate requests so\n" +"the status of a request is not normally useful. This is for future use\n" +"or the case where a CA does not immediately issue a certificate.\n" +msgstr "" + +#: ipaserver/plugins/cert.py:138 +msgid "" +"\n" +"The following revocation reasons are supported:\n" +"\n" +msgstr "" + +#: ipaserver/plugins/cert.py:141 +msgid " * 0 - unspecified\n" +msgstr "" + +#: ipaserver/plugins/cert.py:142 +msgid " * 1 - keyCompromise\n" +msgstr "" + +#: ipaserver/plugins/cert.py:143 +msgid " * 2 - cACompromise\n" +msgstr "" + +#: ipaserver/plugins/cert.py:144 +msgid " * 3 - affiliationChanged\n" +msgstr "" + +#: ipaserver/plugins/cert.py:145 +msgid " * 4 - superseded\n" +msgstr "" + +#: ipaserver/plugins/cert.py:146 +msgid " * 5 - cessationOfOperation\n" +msgstr "" + +#: ipaserver/plugins/cert.py:147 +msgid " * 6 - certificateHold\n" +msgstr "" + +#: ipaserver/plugins/cert.py:148 +msgid " * 8 - removeFromCRL\n" +msgstr "" + +#: ipaserver/plugins/cert.py:149 +msgid " * 9 - privilegeWithdrawn\n" +msgstr "" + +#: ipaserver/plugins/cert.py:150 +msgid " * 10 - aACompromise\n" +msgstr "" + +#: ipaserver/plugins/cert.py:151 +msgid "" +"\n" +"Note that reason code 7 is not used. See RFC 5280 for more details:\n" +msgstr "" + +#: ipaserver/plugins/cert.py:153 +msgid "" +"\n" +"http://www.ietf.org/rfc/rfc5280.txt\n" +"\n" +msgstr "" + +#: ipaserver/plugins/cert.py:283 ipaserver/plugins/certprofile.py:86 +msgid "CA is not configured" +msgstr "" + +#: ipaserver/plugins/cert.py:289 +#, python-format +msgid "" +"Principal '%(principal)s' is not permitted to use CA '%(ca)s' with profile " +"'%(profile_id)s' for certificate issuance." +msgstr "" + +#: ipaserver/plugins/cert.py:309 +msgid "enabledService/configuredService not in ipaConfigString kdc entry" +msgstr "" + +#: ipaserver/plugins/cert.py:313 +#, python-format +msgid "Host '%(hostname)s' is not an active KDC" +msgstr "" + +#: ipaserver/plugins/cert.py:347 +msgid "Issuing CA" +msgstr "" + +#: ipaserver/plugins/cert.py:348 +msgid "Name of issuing CA" +msgstr "" + +#: ipaserver/plugins/cert.py:354 ipaserver/plugins/ca.py:113 +msgid "Base-64 encoded certificate." +msgstr "" + +#: ipaserver/plugins/cert.py:359 ipaserver/plugins/ca.py:118 +msgid "Certificate chain" +msgstr "" + +#: ipaserver/plugins/cert.py:360 ipaserver/plugins/ca.py:119 +msgid "X.509 certificate chain" +msgstr "" + +#: ipaserver/plugins/cert.py:370 +msgid "Subject email address" +msgstr "" + +#: ipaserver/plugins/cert.py:375 +msgid "Subject DNS name" +msgstr "" + +#: ipaserver/plugins/cert.py:380 +msgid "Subject X.400 address" +msgstr "" + +#: ipaserver/plugins/cert.py:385 +msgid "Subject directory name" +msgstr "" + +#: ipaserver/plugins/cert.py:390 +msgid "Subject EDI Party name" +msgstr "" + +#: ipaserver/plugins/cert.py:395 +msgid "Subject URI" +msgstr "" + +#: ipaserver/plugins/cert.py:400 +msgid "Subject IP Address" +msgstr "" + +#: ipaserver/plugins/cert.py:405 +msgid "Subject OID" +msgstr "" + +#: ipaserver/plugins/cert.py:410 +msgid "Subject UPN" +msgstr "" + +#: ipaserver/plugins/cert.py:415 +msgid "Subject Kerberos principal name" +msgstr "" + +#: ipaserver/plugins/cert.py:420 +msgid "Subject Other Name" +msgstr "" + +#: ipaserver/plugins/cert.py:426 ipaserver/plugins/ca.py:106 +msgid "Issuer DN" +msgstr "" + +#: ipaserver/plugins/cert.py:458 +msgid "Serial number (hex)" +msgstr "" + +#: ipaserver/plugins/cert.py:584 +msgid "Request status" +msgstr "" + +#: ipaserver/plugins/cert.py:599 ipaserver/plugins/ca.py:237 +msgid "Include certificate chain in output" +msgstr "" + +#: ipaserver/plugins/cert.py:630 +msgid "" +"automatically add the principal if it doesn't exist (service principals only)" +msgstr "" + +#: ipaserver/plugins/cert.py:679 +#, python-format +msgid "krbtgt certs can use only the %s profile" +msgstr "" + +#: ipaserver/plugins/cert.py:731 +msgid "No Common Name was found in subject of request." +msgstr "" + +#: ipaserver/plugins/cert.py:739 +#, python-format +msgid "" +"hostname in subject of request '%(cn)s' does not match name or aliases of " +"principal '%(principal)s'" +msgstr "" + +#: ipaserver/plugins/cert.py:745 +#, python-format +msgid "" +"hostname in subject of request '%(cn)s' does not match principal hostname " +"'%(hostname)s'" +msgstr "" + +#: ipaserver/plugins/cert.py:754 +msgid "DN commonName does not match user's login" +msgstr "" + +#: ipaserver/plugins/cert.py:768 +msgid "DN emailAddress does not match any of user's email addresses" +msgstr "" + +#: ipaserver/plugins/cert.py:777 +#, python-format +msgid "" +"Insufficient 'write' privilege to the 'userCertificate' attribute of entry " +"'%s'." +msgstr "" + +#: ipaserver/plugins/cert.py:798 ipaserver/plugins/cert.py:916 +#, python-format +msgid "subject alt name type %s is forbidden for user principals" +msgstr "" + +#: ipaserver/plugins/cert.py:843 +#, python-format +msgid "" +"The service principal for subject alt name %s in certificate request does " +"not exist" +msgstr "" + +#: ipaserver/plugins/cert.py:874 +#, python-format +msgid "" +"Insufficient privilege to create a certificate with subject alt name '%s'." +msgstr "" + +#: ipaserver/plugins/cert.py:892 +#, python-format +msgid "Principal '%s' in subject alt name does not match requested principal" +msgstr "" + +#: ipaserver/plugins/cert.py:901 +msgid "RFC822Name does not match any of user's email addresses" +msgstr "" + +#: ipaserver/plugins/cert.py:908 +#, python-format +msgid "subject alt name type %s is forbidden for non-user principals" +msgstr "" + +#: ipaserver/plugins/cert.py:925 +#, python-format +msgid "Subject alt name type %s is forbidden" +msgstr "" + +#: ipaserver/plugins/cert.py:943 +#, python-format +msgid "CA '%s' is disabled" +msgstr "" + +#: ipaserver/plugins/cert.py:1030 +msgid "'add' option" +msgstr "" + +#: ipaserver/plugins/cert.py:1034 +msgid "The principal for this request doesn't exist." +msgstr "" + +#: ipaserver/plugins/cert.py:1150 +#, python-format +msgid "IP address in subjectAltName (%s) unreachable from DNS names" +msgstr "" + +#: ipaserver/plugins/cert.py:1167 +#, python-format +msgid "IP address in subjectAltName (%s) does not have PTR record" +msgstr "" + +#: ipaserver/plugins/cert.py:1179 +#, python-format +msgid "PTR record for SAN IP (%s) does not match A/AAAA records" +msgstr "" + +#: ipaserver/plugins/cert.py:1273 ipaserver/plugins/internal.py:700 +#: ipaserver/plugins/internal.py:1030 ipaserver/plugins/internal.py:1332 +#: ipaserver/plugins/internal.py:1916 +msgid "Status" +msgstr "" + +#: ipaserver/plugins/cert.py:1278 +msgid "Revoked" +msgstr "" + +#: ipaserver/plugins/cert.py:1284 +msgid "" +"Reason for revoking the certificate (0-10). Type \"ipa help cert\" for " +"revocation reason details. " +msgstr "" + +#: ipaserver/plugins/cert.py:1306 +#, python-format +msgid "Owner %s" +msgstr "" + +#: ipaserver/plugins/cert.py:1393 +#, python-format +msgid "" +"Certificate with serial number %(serial)s issued by CA '%(ca)s' not found" +msgstr "" + +#: ipaserver/plugins/cert.py:1462 +msgid "7 is not a valid revocation reason" +msgstr "" + +#: ipaserver/plugins/cert.py:1564 +msgid "Results should contain primary key attribute only (\"certificate\")" +msgstr "" + +#: ipaserver/plugins/cert.py:1580 +#, python-format +msgid "%(count)d certificate matched" +msgid_plural "%(count)d certificates matched" +msgstr[0] "" +msgstr[1] "" + +#: ipaserver/plugins/cert.py:1602 +#, python-format +msgid "Search for certificates with these owner %s." +msgstr "" + +#: ipaserver/plugins/cert.py:1613 +#, python-format +msgid "Search for certificates without these owner %s." +msgstr "" + +#: ipaserver/plugins/aci.py:165 +msgid "A list of ACI values" +msgstr "" + +#: ipaserver/plugins/aci.py:229 +msgid "type, filter, subtree and targetgroup are mutually exclusive" +msgstr "" + +#: ipaserver/plugins/aci.py:232 +msgid "ACI prefix is required" +msgstr "" + +#: ipaserver/plugins/aci.py:235 +msgid "" +"at least one of: type, filter, subtree, targetgroup, attrs or memberof are " +"required" +msgstr "" + +#: ipaserver/plugins/aci.py:238 +msgid "filter and memberof are mutually exclusive" +msgstr "" + +#: ipaserver/plugins/aci.py:244 +msgid "group, permission and self are mutually exclusive" +msgstr "" + +#: ipaserver/plugins/aci.py:246 +msgid "One of group, permission or self is required" +msgstr "" + +#: ipaserver/plugins/aci.py:269 +#, python-format +msgid "Group '%s' does not exist" +msgstr "" + +#: ipaserver/plugins/aci.py:295 +msgid "empty filter" +msgstr "" + +#: ipaserver/plugins/aci.py:316 +#, python-format +msgid "Syntax Error: %(error)s" +msgstr "" + +#: ipaserver/plugins/aci.py:361 +#, python-format +msgid "invalid DN (%s)" +msgstr "" + +#: ipaserver/plugins/aci.py:408 +#, python-format +msgid "ACI with name \"%s\" not found" +msgstr "" + +#: ipaserver/plugins/aci.py:437 +msgid "ACI object." +msgstr "" + +#: ipaserver/plugins/aci.py:440 +msgid "ACIs" +msgstr "" + +#: ipaserver/plugins/aci.py:514 ipaserver/plugins/permission.py:359 +#: ipaserver/plugins/selfservice.py:94 ipaserver/plugins/delegation.py:101 +msgid "ACI" +msgstr "" + +#: ipaserver/plugins/aci.py:524 +#, python-format +msgid "Created ACI \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/aci.py:577 +#, python-format +msgid "Deleted ACI \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/aci.py:620 +#, python-format +msgid "Modified ACI \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/aci.py:694 +#, python-format +msgid "%(count)d ACI matched" +msgid_plural "%(count)d ACIs matched" +msgstr[0] "" +msgstr[1] "" + +#: ipaserver/plugins/aci.py:929 +#, python-format +msgid "Renamed ACI to \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/group.py:62 +msgid "" +"\n" +"Groups of users\n" +"\n" +"Manage groups of users, groups, or services. By default, new groups are " +"POSIX\n" +"groups. You can add the --nonposix option to the group-add command to mark " +"a\n" +"new group as non-POSIX. You can use the --posix argument with the group-mod\n" +"command to convert a non-POSIX group into a POSIX group. POSIX groups cannot " +"be\n" +"converted to non-POSIX groups.\n" +"\n" +"Every group must have a description.\n" +"\n" +"POSIX groups must have a Group ID (GID) number. Changing a GID is\n" +"supported but can have an impact on your file permissions. It is not " +"necessary\n" +"to supply a GID when creating a group. IPA will generate one automatically\n" +"if it is not provided.\n" +"\n" +"Groups members can be users, other groups, and Kerberos services. In POSIX\n" +"environments only users will be visible as group members, but nested groups " +"and\n" +"groups of services can be used for IPA management purposes.\n" +"\n" +"EXAMPLES:\n" +"\n" +" Add a new group:\n" +" ipa group-add --desc='local administrators' localadmins\n" +"\n" +" Add a new non-POSIX group:\n" +" ipa group-add --nonposix --desc='remote administrators' remoteadmins\n" +"\n" +" Convert a non-POSIX group to posix:\n" +" ipa group-mod --posix remoteadmins\n" +"\n" +" Add a new POSIX group with a specific Group ID number:\n" +" ipa group-add --gid=500 --desc='unix admins' unixadmins\n" +"\n" +" Add a new POSIX group and let IPA assign a Group ID number:\n" +" ipa group-add --desc='printer admins' printeradmins\n" +"\n" +" Remove a group:\n" +" ipa group-del unixadmins\n" +"\n" +" To add the \"remoteadmins\" group to the \"localadmins\" group:\n" +" ipa group-add-member --groups=remoteadmins localadmins\n" +"\n" +" Add multiple users to the \"localadmins\" group:\n" +" ipa group-add-member --users=test1 --users=test2 localadmins\n" +"\n" +" To add Kerberos services to the \"printer admins\" group:\n" +" ipa group-add-member --services=CUPS/some.host printeradmins\n" +"\n" +" Remove a user from the \"localadmins\" group:\n" +" ipa group-remove-member --users=test2 localadmins\n" +"\n" +" Display information about a named group.\n" +" ipa group-show localadmins\n" +"\n" +"Group membership managers are users or groups that can add members to a\n" +"group or remove members from a group.\n" +"\n" +" Allow user \"test2\" to add or remove members from group \"localadmins\":\n" +" ipa group-add-member-manager --users=test2 localadmins\n" +"\n" +" Revoke membership management rights for user \"test2\" from \"localadmins" +"\":\n" +" ipa group-remove-member-manager --users=test2 localadmins\n" +"\n" +"External group membership is designed to allow users from trusted domains\n" +"to be mapped to local POSIX groups in order to actually use IPA resources.\n" +"External members should be added to groups that specifically created as\n" +"external and non-POSIX. Such group later should be included into one of " +"POSIX\n" +"groups.\n" +"\n" +"An external group member is currently a Security Identifier (SID) as defined " +"by\n" +"the trusted domain. When adding external group members, it is possible to\n" +"specify them in either SID, or DOM\\name, or name@domain format. IPA will " +"attempt\n" +"to resolve passed name to SID with the use of Global Catalog of the trusted " +"domain.\n" +"\n" +"Example:\n" +"\n" +"1. Create group for the trusted domain admins' mapping and their local POSIX " +"group:\n" +"\n" +" ipa group-add --desc=' admins external map' ad_admins_external " +"--external\n" +" ipa group-add --desc=' admins' ad_admins\n" +"\n" +"2. Add security identifier of Domain Admins of the to the " +"ad_admins_external\n" +" group:\n" +"\n" +" ipa group-add-member ad_admins_external --external 'AD\\Domain Admins'\n" +"\n" +"3. Allow members of ad_admins_external group to be associated with ad_admins " +"POSIX group:\n" +"\n" +" ipa group-add-member ad_admins --groups ad_admins_external\n" +"\n" +"4. List members of external members of ad_admins_external group to see their " +"SIDs:\n" +"\n" +" ipa group-show ad_admins_external\n" +msgstr "" + +#: ipaserver/plugins/group.py:195 +msgid "groups" +msgstr "" + +#: ipaserver/plugins/group.py:328 +msgid "User Group" +msgstr "" + +#: ipaserver/plugins/group.py:360 +#, python-format +msgid "Added group \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/group.py:383 +msgid "gid cannot be set for external group" +msgstr "" + +#: ipaserver/plugins/group.py:395 +#, python-format +msgid "Deleted group \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/group.py:409 +msgid "privileged group" +msgstr "" + +#: ipaserver/plugins/group.py:442 +#, python-format +msgid "Modified group \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/group.py:517 +#, python-format +msgid "%(count)d group matched" +msgid_plural "%(count)d groups matched" +msgstr[0] "" +msgstr[1] "" + +#: ipaserver/plugins/group.py:620 ipaserver/plugins/group.py:677 +#: ipaserver/plugins/hbactest.py:402 +msgid "" +"Cannot perform external member validation without Samba 4 support installed. " +"Make sure you have installed server-trust-ad sub-package of IPA on the server" +msgstr "" + +#: ipaserver/plugins/group.py:625 ipaserver/plugins/group.py:682 +#: ipaserver/plugins/trust.py:873 +msgid "" +"Cannot perform join operation without own domain configured. Make sure you " +"have run ipa-adtrust-install on the IPA server first" +msgstr "" + +#: ipaserver/plugins/group.py:716 +#, python-format +msgid "Detached group \"%(value)s\" from user \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/group.py:741 +msgid "not allowed to modify user entries" +msgstr "" + +#: ipaserver/plugins/group.py:752 +msgid "not allowed to modify group entries" +msgstr "" + +#: ipaserver/plugins/group.py:772 +msgid "Not a managed group" +msgstr "" + +#: ipaserver/plugins/group.py:794 +msgid "Add users that can manage members of this group." +msgstr "" + +#: ipaserver/plugins/group.py:802 +msgid "Remove users that can manage members of this group." +msgstr "" + +#: ipaserver/plugins/join.py:125 +#, python-format +msgid "" +"Insufficient 'write' privilege to the 'krbLastPwdChange' attribute of entry " +"'%s'." +msgstr "" + +#: ipaserver/plugins/dogtag.py:1243 +msgid "REST API is not logged in." +msgstr "" + +#: ipaserver/plugins/dogtag.py:1265 +#, python-format +msgid "Non-2xx response from CA REST API: %(status)d. %(explanation)s" +msgstr "" + +#: ipaserver/plugins/dogtag.py:1291 +msgid "Unable to communicate with CMS" +msgstr "" + +#: ipaserver/plugins/dogtag.py:1481 ipaserver/plugins/dogtag.py:1567 +#: ipaserver/plugins/dogtag.py:2073 ipaserver/plugins/dogtag.py:2083 +msgid "Response from CA was not valid JSON" +msgstr "" + +#: ipaserver/plugins/sudo.py:7 +msgid "commands for controlling sudo configuration" +msgstr "" + +#: ipaserver/plugins/sudocmd.py:33 +msgid "" +"\n" +"Sudo Commands\n" +"\n" +"Commands used as building blocks for sudo\n" +"\n" +"EXAMPLES:\n" +"\n" +" Create a new command\n" +" ipa sudocmd-add --desc='For reading log files' /usr/bin/less\n" +"\n" +" Remove a command\n" +" ipa sudocmd-del /usr/bin/less\n" +"\n" +msgstr "" + +#: ipaserver/plugins/sudocmd.py:58 +msgid "sudo command" +msgstr "" + +#: ipaserver/plugins/sudocmd.py:59 +msgid "sudo commands" +msgstr "" + +#: ipaserver/plugins/sudocmd.py:111 +msgid "Sudo Commands" +msgstr "" + +#: ipaserver/plugins/sudocmd.py:148 +#, python-format +msgid "Added Sudo Command \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/sudocmd.py:155 +#, python-format +msgid "Deleted Sudo Command \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/sudocmd.py:188 +#, python-format +msgid "Modified Sudo Command \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/sudocmd.py:196 +#, python-format +msgid "%(count)d Sudo Command matched" +msgid_plural "%(count)d Sudo Commands matched" +msgstr[0] "" +msgstr[1] "" + +#: ipaserver/plugins/sudocmdgroup.py:34 +msgid "" +"\n" +"Groups of Sudo Commands\n" +"\n" +"Manage groups of Sudo Commands.\n" +"\n" +"EXAMPLES:\n" +"\n" +" Add a new Sudo Command Group:\n" +" ipa sudocmdgroup-add --desc='administrators commands' admincmds\n" +"\n" +" Remove a Sudo Command Group:\n" +" ipa sudocmdgroup-del admincmds\n" +"\n" +" Manage Sudo Command Group membership, commands:\n" +" ipa sudocmdgroup-add-member --sudocmds=/usr/bin/less --sudocmds=/usr/bin/" +"vim admincmds\n" +"\n" +" Manage Sudo Command Group membership, commands:\n" +" ipa sudocmdgroup-remove-member --sudocmds=/usr/bin/less admincmds\n" +"\n" +" Show a Sudo Command Group:\n" +" ipa sudocmdgroup-show admincmds\n" +msgstr "" + +#: ipaserver/plugins/sudocmdgroup.py:67 +msgid "sudo command group" +msgstr "" + +#: ipaserver/plugins/sudocmdgroup.py:68 +msgid "sudo command groups" +msgstr "" + +#: ipaserver/plugins/sudocmdgroup.py:149 +#, python-format +msgid "Added Sudo Command Group \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/sudocmdgroup.py:157 +#, python-format +msgid "Deleted Sudo Command Group \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/sudocmdgroup.py:165 +#, python-format +msgid "Modified Sudo Command Group \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/sudocmdgroup.py:174 +#, python-format +msgid "%(count)d Sudo Command Group matched" +msgid_plural "%(count)d Sudo Command Groups matched" +msgstr[0] "" +msgstr[1] "" + +#: ipaserver/plugins/realmdomains.py:34 +msgid "" +"\n" +"Realm domains\n" +"\n" +"Manage the list of domains associated with IPA realm.\n" +"\n" +"This list is useful for Domain Controllers from other realms which have\n" +"established trust with this IPA realm. They need the information to know\n" +"which request should be forwarded to KDC of this IPA realm.\n" +"\n" +"Automatic management: a domain is automatically added to the realm domains\n" +"list when a new DNS Zone managed by IPA is created. Same applies for " +"deletion.\n" +"\n" +"Externally managed DNS: domains which are not managed in IPA server DNS\n" +"need to be manually added to the list using ipa realmdomains-mod command.\n" +"\n" +"EXAMPLES:\n" +"\n" +" Display the current list of realm domains:\n" +" ipa realmdomains-show\n" +"\n" +" Replace the list of realm domains:\n" +" ipa realmdomains-mod --domain=example.com\n" +" ipa realmdomains-mod --domain={example1.com,example2.com,example3.com}\n" +"\n" +" Add a domain to the list of realm domains:\n" +" ipa realmdomains-mod --add-domain=newdomain.com\n" +"\n" +" Delete a domain from the list of realm domains:\n" +" ipa realmdomains-mod --del-domain=olddomain.com\n" +msgstr "" + +#: ipaserver/plugins/realmdomains.py:85 +msgid "Realm domains" +msgstr "" + +#: ipaserver/plugins/realmdomains.py:107 ipaserver/plugins/realmdomains.py:108 +#: ipaserver/plugins/internal.py:1259 +msgid "Realm Domains" +msgstr "" + +#: ipaserver/plugins/realmdomains.py:134 +msgid "" +"\n" +" Modify realm domains\n" +"\n" +" DNS check: When manually adding a domain to the list, a DNS check is\n" +" performed by default. It ensures that the domain is associated with\n" +" the IPA realm, by checking whether the domain has a _kerberos TXT " +"record\n" +" containing the IPA realm name. This check can be skipped by specifying\n" +" --force option.\n" +"\n" +" Removal: when a realm domain which has a matching DNS zone managed by\n" +" IPA is being removed, a corresponding _kerberos TXT record in the zone " +"is\n" +" removed automatically as well. Other records in the zone or the zone\n" +" itself are not affected.\n" +" " +msgstr "" + +#: ipaserver/plugins/realmdomains.py:177 +#, python-format +msgid "" +"DNS zone for each realmdomain must contain SOA or NS records. No records " +"found for: %s" +msgstr "" + +#: ipaserver/plugins/realmdomains.py:203 +#, python-format +msgid "The following domains do not belong to this realm: %(domains)s" +msgstr "" + +#: ipaserver/plugins/realmdomains.py:218 +#, python-format +msgid "" +"The realm of the following domains could not be detected: %(domains)s. If " +"these are domains that belong to the this realm, please create a _kerberos " +"TXT record containing \"%(realm)s\" in each of them." +msgstr "" + +#: ipaserver/plugins/realmdomains.py:241 +msgid "" +"The --domain option cannot be used together with --add-domain or --del-" +"domain. Use --domain to specify the whole realm domain list explicitly, to " +"add/remove individual domains, use --add-domain/del-domain." +msgstr "" + +#: ipaserver/plugins/realmdomains.py:252 +msgid "IPA server domain cannot be omitted" +msgstr "" + +#: ipaserver/plugins/realmdomains.py:274 +msgid "IPA server domain cannot be deleted" +msgstr "" + +#: ipaserver/plugins/permission.py:40 +msgid "" +"\n" +"Permissions\n" +msgstr "" + +#: ipaserver/plugins/permission.py:42 +msgid "" +"\n" +"A permission enables fine-grained delegation of rights. A permission is\n" +"a human-readable wrapper around a 389-ds Access Control Rule,\n" +"or instruction (ACI).\n" +"A permission grants the right to perform a specific task such as adding a\n" +"user, modifying a group, etc.\n" +msgstr "" + +#: ipaserver/plugins/permission.py:48 +msgid "" +"\n" +"A permission may not contain other permissions.\n" +msgstr "" + +#: ipaserver/plugins/permission.py:50 +msgid "" +"\n" +"* A permission grants access to read, write, add, delete, read, search,\n" +" or compare.\n" +"* A privilege combines similar permissions (for example all the permissions\n" +" needed to add a user).\n" +"* A role grants a set of privileges to users, groups, hosts or hostgroups.\n" +msgstr "" + +#: ipaserver/plugins/permission.py:56 +msgid "" +"\n" +"A permission is made up of a number of different parts:\n" +"\n" +"1. The name of the permission.\n" +"2. The target of the permission.\n" +"3. The rights granted by the permission.\n" +msgstr "" + +#: ipaserver/plugins/permission.py:62 +msgid "" +"\n" +"Rights define what operations are allowed, and may be one or more\n" +"of the following:\n" +"1. write - write one or more attributes\n" +"2. read - read one or more attributes\n" +"3. search - search on one or more attributes\n" +"4. compare - compare one or more attributes\n" +"5. add - add a new entry to the tree\n" +"6. delete - delete an existing entry\n" +"7. all - all permissions are granted\n" +msgstr "" + +#: ipaserver/plugins/permission.py:72 +msgid "" +"\n" +"Note the distinction between attributes and entries. The permissions are\n" +"independent, so being able to add a user does not mean that the user will\n" +"be editable.\n" +msgstr "" + +#: ipaserver/plugins/permission.py:76 +msgid "" +"\n" +"There are a number of allowed targets:\n" +"1. subtree: a DN; the permission applies to the subtree under this DN\n" +"2. target filter: an LDAP filter\n" +"3. target: DN with possible wildcards, specifies entries permission applies " +"to\n" +msgstr "" + +#: ipaserver/plugins/permission.py:81 +msgid "" +"\n" +"Additionally, there are the following convenience options.\n" +"Setting one of these options will set the corresponding attribute(s).\n" +"1. type: a type of object (user, group, etc); sets subtree and target " +"filter.\n" +"2. memberof: apply to members of a group; sets target filter\n" +"3. targetgroup: grant access to modify a specific group (such as granting\n" +" the rights to manage group membership); sets target.\n" +msgstr "" + +#: ipaserver/plugins/permission.py:88 +msgid "" +"\n" +"Managed permissions\n" +msgstr "" + +#: ipaserver/plugins/permission.py:90 +msgid "" +"\n" +"Permissions that come with IPA by default can be so-called \"managed\"\n" +"permissions. These have a default set of attributes they apply to,\n" +"but the administrator can add/remove individual attributes to/from the set.\n" +msgstr "" + +#: ipaserver/plugins/permission.py:94 +msgid "" +"\n" +"Deleting or renaming a managed permission, as well as changing its target,\n" +"is not allowed.\n" +msgstr "" + +#: ipaserver/plugins/permission.py:99 +msgid "" +"\n" +" Add a permission that grants the creation of users:\n" +" ipa permission-add --type=user --permissions=add \"Add Users\"\n" +msgstr "" + +#: ipaserver/plugins/permission.py:102 +msgid "" +"\n" +" Add a permission that grants the ability to manage group membership:\n" +" ipa permission-add --attrs=member --permissions=write --type=group " +"\"Manage Group Members\"\n" +msgstr "" + +#: ipaserver/plugins/permission.py:129 +msgid "must be enclosed in parentheses" +msgstr "" + +#: ipaserver/plugins/permission.py:149 +#, python-format +msgid "\"%s\" is not an object type" +msgstr "" + +#: ipaserver/plugins/permission.py:151 ipaserver/plugins/permission.py:897 +#, python-format +msgid "\"%s\" is not a valid permission type" +msgstr "" + +#: ipaserver/plugins/permission.py:353 +#, python-format +msgid "Deprecated; use %s" +msgstr "" + +#: ipaserver/plugins/permission.py:370 +#, python-format +msgid "Permission with unknown flag %s may not be modified or removed" +msgstr "" + +#: ipaserver/plugins/permission.py:374 +msgid "A SYSTEM permission may not be modified or removed" +msgstr "" + +#: ipaserver/plugins/permission.py:624 +#, python-format +msgid "Entry %s not found" +msgstr "" + +#: ipaserver/plugins/permission.py:716 +#, python-format +msgid "The ACI for permission %(name)s was not found in %(dn)s " +msgstr "" + +#: ipaserver/plugins/permission.py:820 +msgid "" +"cannot specify full target filter and extra target filter simultaneously" +msgstr "" + +#: ipaserver/plugins/permission.py:843 +#, python-format +msgid "option was renamed; use %s" +msgstr "" + +#: ipaserver/plugins/permission.py:847 +#, python-format +msgid "Cannot use %(old_name)s with %(new_name)s" +msgstr "" + +#: ipaserver/plugins/permission.py:861 ipaserver/plugins/permission.py:876 +#, python-format +msgid "%s: group not found" +msgstr "" + +#: ipaserver/plugins/permission.py:871 +msgid "target and targetgroup are mutually exclusive" +msgstr "" + +#: ipaserver/plugins/permission.py:892 +msgid "subtree and type are mutually exclusive" +msgstr "" + +#: ipaserver/plugins/permission.py:930 +msgid "Bad search filter" +msgstr "" + +#: ipaserver/plugins/permission.py:940 +#, python-format +msgid "Entry %s does not exist" +msgstr "" + +#: ipaserver/plugins/permission.py:949 +msgid "" +"there must be at least one target entry specifier (e.g. target, " +"targetfilter, attrs)" +msgstr "" + +#: ipaserver/plugins/permission.py:961 ipaserver/plugins/permission.py:989 +#, python-format +msgid "Added permission \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/permission.py:1014 +msgid "attrs and included attributes are mutually exclusive" +msgstr "" + +#: ipaserver/plugins/permission.py:1046 +#, python-format +msgid "Cannot store permission ACI to %s" +msgstr "" + +#: ipaserver/plugins/permission.py:1057 +#, python-format +msgid "Deleted permission \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/permission.py:1077 +msgid "cannot delete managed permissions" +msgstr "" + +#: ipaserver/plugins/permission.py:1083 +#, python-format +msgid "ACI of permission %s was not found" +msgstr "" + +#: ipaserver/plugins/permission.py:1092 +#, python-format +msgid "Modified permission \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/permission.py:1125 +msgid "cannot rename managed permissions" +msgstr "" + +#: ipaserver/plugins/permission.py:1132 ipaserver/plugins/permission.py:1136 +msgid "not modifiable on managed permissions" +msgstr "" + +#: ipaserver/plugins/permission.py:1143 +msgid "only available on managed permissions" +msgstr "" + +#: ipaserver/plugins/permission.py:1150 ipaserver/plugins/permission.py:1276 +msgid "attrs and included/excluded attributes are mutually exclusive" +msgstr "" + +#: ipaserver/plugins/permission.py:1161 +msgid "cannot set bindtype for a permission that is assigned to a privilege" +msgstr "" + +#: ipaserver/plugins/permission.py:1265 +#, python-format +msgid "%(count)d permission matched" +msgid_plural "%(count)d permissions matched" +msgstr[0] "" +msgstr[1] "" + +#: ipaserver/plugins/whoami.py:15 +msgid "" +"\n" +"Return information about currently authenticated identity\n" +"\n" +"Who am I command returns information on how to get\n" +"more details about the identity authenticated for this\n" +"request. The information includes:\n" +"\n" +" * type of object\n" +" * command to retrieve details of the object\n" +" * arguments and options to pass to the command\n" +"\n" +"The information is returned as a dictionary. Examples below use\n" +"'key: value' output for illustrative purposes.\n" +"\n" +"EXAMPLES:\n" +"\n" +" Look up as IPA user:\n" +" kinit admin\n" +" ipa console\n" +" >> api.Command.whoami()\n" +" ------------------------------------------\n" +" object: user\n" +" command: user_show/1\n" +" arguments: admin\n" +" ------------------------------------------\n" +"\n" +" Look up as a user from a trusted domain:\n" +" kinit user@AD.DOMAIN\n" +" ipa console\n" +" >> api.Command.whoami()\n" +" ------------------------------------------\n" +" object: idoverrideuser\n" +" command: idoverrideuser_show/1\n" +" arguments: ('default trust view', 'user@ad.domain')\n" +" ------------------------------------------\n" +"\n" +" Look up as a host:\n" +" kinit -k\n" +" ipa console\n" +" >> api.Command.whoami()\n" +" ------------------------------------------\n" +" object: host\n" +" command: host_show/1\n" +" arguments: ipa.example.com\n" +" ------------------------------------------\n" +"\n" +" Look up as a Kerberos service:\n" +" kinit -k -t /path/to/keytab HTTP/ipa.example.com\n" +" ipa console\n" +" >> api.Command.whoami()\n" +" ------------------------------------------\n" +" object: service\n" +" command: service_show/1\n" +" arguments: HTTP/ipa.example.com\n" +" ------------------------------------------\n" +msgstr "" + +#: ipaserver/plugins/whoami.py:77 +msgid "Describe currently authenticated identity." +msgstr "" + +#: ipaserver/plugins/whoami.py:82 ipaserver/plugins/whoami.py:88 +msgid "Object class name" +msgstr "" + +#: ipaserver/plugins/whoami.py:83 ipaserver/plugins/whoami.py:89 +msgid "Function to get details" +msgstr "" + +#: ipaserver/plugins/whoami.py:84 ipaserver/plugins/whoami.py:91 +msgid "Arguments to details function" +msgstr "" + +#: ipaserver/plugins/whoami.py:111 +msgid "Cannot query Directory Manager with API" +msgstr "" + +#: ipaserver/plugins/krbtpolicy.py:86 +msgid "kerberos ticket policy settings" +msgstr "" + +#: ipaserver/plugins/krbtpolicy.py:128 ipaserver/plugins/krbtpolicy.py:129 +#: ipaserver/plugins/internal.py:1136 +msgid "Kerberos Ticket Policy" +msgstr "" + +#: ipaserver/plugins/krbtpolicy.py:152 +msgid "OTP max life" +msgstr "" + +#: ipaserver/plugins/krbtpolicy.py:153 +msgid "OTP token maximum ticket life (seconds)" +msgstr "" + +#: ipaserver/plugins/krbtpolicy.py:157 +msgid "OTP max renew" +msgstr "" + +#: ipaserver/plugins/krbtpolicy.py:158 +msgid "OTP token ticket maximum renewable age (seconds)" +msgstr "" + +#: ipaserver/plugins/krbtpolicy.py:162 +msgid "RADIUS max life" +msgstr "" + +#: ipaserver/plugins/krbtpolicy.py:163 +msgid "RADIUS maximum ticket life (seconds)" +msgstr "" + +#: ipaserver/plugins/krbtpolicy.py:167 +msgid "RADIUS max renew" +msgstr "" + +#: ipaserver/plugins/krbtpolicy.py:168 +msgid "RADIUS ticket maximum renewable age (seconds)" +msgstr "" + +#: ipaserver/plugins/krbtpolicy.py:172 +msgid "PKINIT max life" +msgstr "" + +#: ipaserver/plugins/krbtpolicy.py:173 +msgid "PKINIT maximum ticket life (seconds)" +msgstr "" + +#: ipaserver/plugins/krbtpolicy.py:177 +msgid "PKINIT max renew" +msgstr "" + +#: ipaserver/plugins/krbtpolicy.py:178 +msgid "PKINIT ticket maximum renewable age (seconds)" +msgstr "" + +#: ipaserver/plugins/krbtpolicy.py:182 +msgid "Hardened max life" +msgstr "" + +#: ipaserver/plugins/krbtpolicy.py:183 +msgid "Hardened ticket maximum ticket life (seconds)" +msgstr "" + +#: ipaserver/plugins/krbtpolicy.py:187 +msgid "Hardened max renew" +msgstr "" + +#: ipaserver/plugins/krbtpolicy.py:188 +msgid "Hardened ticket maximum renewable age (seconds)" +msgstr "" + +#: ipaserver/plugins/krbtpolicy.py:272 +#, python-format +msgid "Ticket policy for %s could not be read" +msgstr "" + +#: ipaserver/plugins/krbtpolicy.py:292 +msgid "Default ticket policy could not be read" +msgstr "" + +#: ipaserver/plugins/ldap2.py:270 +msgid "Could not read UPG Definition originfilter. Check your permissions." +msgstr "" + +#: ipaserver/plugins/location.py:33 +msgid "" +"\n" +"IPA locations\n" +msgstr "" + +#: ipaserver/plugins/location.py:35 +msgid "" +"\n" +"Manipulate DNS locations\n" +msgstr "" + +#: ipaserver/plugins/location.py:39 +msgid "" +"\n" +" Find all locations:\n" +" ipa location-find\n" +msgstr "" + +#: ipaserver/plugins/location.py:42 +msgid "" +"\n" +" Show specific location:\n" +" ipa location-show location\n" +msgstr "" + +#: ipaserver/plugins/location.py:45 +msgid "" +"\n" +" Add location:\n" +" ipa location-add location --description 'My location'\n" +msgstr "" + +#: ipaserver/plugins/location.py:48 +msgid "" +"\n" +" Delete location:\n" +" ipa location-del location\n" +msgstr "" + +#: ipaserver/plugins/location.py:62 +msgid "location" +msgstr "" + +#: ipaserver/plugins/location.py:63 +msgid "locations" +msgstr "" + +#: ipaserver/plugins/location.py:69 +msgid "IPA Locations" +msgstr "" + +#: ipaserver/plugins/location.py:70 +msgid "IPA Location" +msgstr "" + +#: ipaserver/plugins/location.py:103 +msgid "Location name" +msgstr "" + +#: ipaserver/plugins/location.py:104 +msgid "IPA location name" +msgstr "" + +#: ipaserver/plugins/location.py:112 +msgid "IPA Location description" +msgstr "" + +#: ipaserver/plugins/location.py:116 +msgid "Servers" +msgstr "" + +#: ipaserver/plugins/location.py:117 +msgid "Servers that belongs to the IPA location" +msgstr "" + +#: ipaserver/plugins/location.py:122 +msgid "Advertised by servers" +msgstr "" + +#: ipaserver/plugins/location.py:123 +msgid "List of servers which advertise the given location" +msgstr "" + +#: ipaserver/plugins/location.py:138 +msgid "Add a new IPA location." +msgstr "" + +#: ipaserver/plugins/location.py:140 +#, python-format +msgid "Added IPA location \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/location.py:145 +msgid "Delete an IPA location." +msgstr "" + +#: ipaserver/plugins/location.py:147 +#, python-format +msgid "Deleted IPA location \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/location.py:157 ipaserver/plugins/internal.py:1928 +#: ipaserver/plugins/server.py:71 +msgid "IPA Server" +msgstr "" + +#: ipaserver/plugins/location.py:170 +msgid "Modify information about an IPA location." +msgstr "" + +#: ipaserver/plugins/location.py:172 +#, python-format +msgid "Modified IPA location \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/location.py:177 +msgid "Search for IPA locations." +msgstr "" + +#: ipaserver/plugins/location.py:180 +#, python-format +msgid "%(count)d IPA location matched" +msgid_plural "%(count)d IPA locations matched" +msgstr[0] "" +msgstr[1] "" + +#: ipaserver/plugins/location.py:187 +msgid "Display information about an IPA location." +msgstr "" + +#: ipaserver/plugins/location.py:193 +msgid "Servers in location" +msgstr "" + +#: ipaserver/plugins/schema.py:30 +msgid "" +"\n" +"API Schema\n" +msgstr "" + +#: ipaserver/plugins/schema.py:32 +msgid "" +"\n" +"Provides API introspection capabilities.\n" +msgstr "" + +#: ipaserver/plugins/schema.py:36 +msgid "" +"\n" +" Show user-find details:\n" +" ipa command-show user-find\n" +msgstr "" + +#: ipaserver/plugins/schema.py:39 +msgid "" +"\n" +" Find user-find parameters:\n" +" ipa param-find user-find\n" +msgstr "" + +#: ipaserver/plugins/schema.py:54 ipaserver/plugins/ca.py:84 +#: ipaserver/plugins/trust.py:1418 +msgid "Name" +msgstr "" + +#: ipaserver/plugins/schema.py:60 +msgid "Documentation" +msgstr "" + +#: ipaserver/plugins/schema.py:65 +msgid "Exclude from" +msgstr "" + +#: ipaserver/plugins/schema.py:70 +msgid "Include in" +msgstr "" + +#: ipaserver/plugins/schema.py:128 ipaserver/plugins/baseldap.py:1949 +#, python-format +msgid "Results should contain primary key attribute only (\"%s\")" +msgstr "" + +#: ipaserver/plugins/schema.py:141 +msgid "Help topic" +msgstr "" + +#: ipaserver/plugins/schema.py:153 ipaserver/plugins/internal.py:730 +msgid "Version" +msgstr "" + +#: ipaserver/plugins/schema.py:178 +msgid "Parameters" +msgstr "" + +#: ipaserver/plugins/schema.py:213 +msgid "Method of" +msgstr "" + +#: ipaserver/plugins/schema.py:218 +msgid "Method name" +msgstr "" + +#: ipaserver/plugins/schema.py:263 ipaserver/plugins/schema.py:332 +#: ipaserver/plugins/schema.py:423 ipaserver/plugins/schema.py:658 +#: ipaserver/plugins/schema.py:751 ipaserver/plugins/baseldap.py:658 +#, python-format +msgid "%(pkey)s: %(oname)s not found" +msgstr "" + +#: ipaserver/plugins/schema.py:276 +msgid "Display information about a command." +msgstr "" + +#: ipaserver/plugins/schema.py:281 +msgid "Search for commands." +msgstr "" + +#: ipaserver/plugins/schema.py:286 +msgid "Return command defaults" +msgstr "" + +#: ipaserver/plugins/schema.py:343 +msgid "Display information about a class." +msgstr "" + +#: ipaserver/plugins/schema.py:348 +msgid "Search for classes." +msgstr "" + +#: ipaserver/plugins/schema.py:435 +msgid "Display information about a help topic." +msgstr "" + +#: ipaserver/plugins/schema.py:440 +msgid "Search for help topics." +msgstr "" + +#: ipaserver/plugins/schema.py:452 +msgid "Required" +msgstr "" + +#: ipaserver/plugins/schema.py:457 +msgid "Multi-value" +msgstr "" + +#: ipaserver/plugins/schema.py:505 +msgid "Always ask" +msgstr "" + +#: ipaserver/plugins/schema.py:510 +msgid "CLI metavar" +msgstr "" + +#: ipaserver/plugins/schema.py:515 +msgid "CLI name" +msgstr "" + +#: ipaserver/plugins/schema.py:520 +msgid "Confirm (password)" +msgstr "" + +#: ipaserver/plugins/schema.py:525 +msgid "Default" +msgstr "" + +#: ipaserver/plugins/schema.py:530 +msgid "Default from" +msgstr "" + +#: ipaserver/plugins/schema.py:535 +msgid "Label" +msgstr "" + +#: ipaserver/plugins/schema.py:540 +msgid "Convert on server" +msgstr "" + +#: ipaserver/plugins/schema.py:545 +msgid "Option group" +msgstr "" + +#: ipaserver/plugins/schema.py:550 +msgid "Sensitive" +msgstr "" + +#: ipaserver/plugins/schema.py:555 +msgid "Positional argument" +msgstr "" + +#: ipaserver/plugins/schema.py:640 +#, python-format +msgid "%(metaobject)s: %(oname)s not found" +msgstr "" + +#: ipaserver/plugins/schema.py:679 +msgid "Display information about a command parameter." +msgstr "" + +#: ipaserver/plugins/schema.py:684 +msgid "Search command parameters." +msgstr "" + +#: ipaserver/plugins/schema.py:741 +#, python-format +msgid "%(command_name)s: %(oname)s not found" +msgstr "" + +#: ipaserver/plugins/schema.py:766 +msgid "Display information about a command output." +msgstr "" + +#: ipaserver/plugins/schema.py:771 +msgid "Search for command outputs." +msgstr "" + +#: ipaserver/plugins/schema.py:776 +msgid "Store and provide schema for commands and topics" +msgstr "" + +#: ipaserver/plugins/schema.py:782 +msgid "Fingerprint of schema cached by client" +msgstr "" + +#: ipaserver/plugins/idrange.py:43 +msgid "" +"=======\n" +"WARNING:\n" +"\n" +"DNA plugin in 389-ds will allocate IDs based on the ranges configured for " +"the\n" +"local domain. Currently the DNA plugin *cannot* be reconfigured itself " +"based\n" +"on the local ranges set via this family of commands.\n" +"\n" +"Manual configuration change has to be done in the DNA plugin configuration " +"for\n" +"the new local range. Specifically, The dnaNextRange attribute of 'cn=Posix\n" +"IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config' has to " +"be\n" +"modified to match the new range.\n" +"=======\n" +msgstr "" + +#: ipaserver/plugins/idrange.py:57 +msgid "" +"\n" +"ID ranges\n" +"\n" +"Manage ID ranges used to map Posix IDs to SIDs and back.\n" +"\n" +"There are two type of ID ranges which are both handled by this utility:\n" +"\n" +" - the ID ranges of the local domain\n" +" - the ID ranges of trusted remote domains\n" +"\n" +"Both types have the following attributes in common:\n" +"\n" +" - base-id: the first ID of the Posix ID range\n" +" - range-size: the size of the range\n" +"\n" +"With those two attributes a range object can reserve the Posix IDs starting\n" +"with base-id up to but not including base-id+range-size exclusively.\n" +"\n" +"Additionally an ID range of the local domain may set\n" +" - rid-base: the first RID(*) of the corresponding RID range\n" +" - secondary-rid-base: first RID of the secondary RID range\n" +"\n" +"and an ID range of a trusted domain must set\n" +" - rid-base: the first RID of the corresponding RID range\n" +" - sid: domain SID of the trusted domain\n" +"\n" +"\n" +"\n" +"EXAMPLE: Add a new ID range for a trusted domain\n" +"\n" +"Since there might be more than one trusted domain the domain SID must be " +"given\n" +"while creating the ID range.\n" +"\n" +" ipa idrange-add --base-id=1200000 --range-size=200000 --rid-base=0 \\\n" +" --dom-sid=S-1-5-21-123-456-789 trusted_dom_range\n" +"\n" +"This ID range is then used by the IPA server and the SSSD IPA provider to\n" +"assign Posix UIDs to users from the trusted domain.\n" +"\n" +"If e.g. a range for a trusted domain is configured with the following " +"values:\n" +" base-id = 1200000\n" +" range-size = 200000\n" +" rid-base = 0\n" +"the RIDs 0 to 199999 are mapped to the Posix ID from 1200000 to 13999999. " +"So\n" +"RID 1000 <-> Posix ID 1201000\n" +"\n" +"\n" +"\n" +"EXAMPLE: Add a new ID range for the local domain\n" +"\n" +"To create an ID range for the local domain it is not necessary to specify a\n" +"domain SID. But since it is possible that a user and a group can have the " +"same\n" +"value as Posix ID a second RID interval is needed to handle conflicts.\n" +"\n" +" ipa idrange-add --base-id=1200000 --range-size=200000 --rid-base=1000 \\\n" +" --secondary-rid-base=1000000 local_range\n" +"\n" +"The data from the ID ranges of the local domain are used by the IPA server\n" +"internally to assign SIDs to IPA users and groups. The SID will then be " +"stored\n" +"in the user or group objects.\n" +"\n" +"If e.g. the ID range for the local domain is configured with the values " +"from\n" +"the example above then a new user with the UID 1200007 will get the RID " +"1007.\n" +"If this RID is already used by a group the RID will be 1000007. This can " +"only\n" +"happen if a user or a group object was created with a fixed ID because the\n" +"automatic assignment will not assign the same ID twice. Since there are " +"only\n" +"users and groups sharing the same ID namespace it is sufficient to have " +"only\n" +"one fallback range to handle conflicts.\n" +"\n" +"To find the Posix ID for a given RID from the local domain it has to be\n" +"checked first if the RID falls in the primary or secondary RID range and\n" +"the rid-base or the secondary-rid-base has to be subtracted, respectively,\n" +"and the base-id has to be added to get the Posix ID.\n" +"\n" +"Typically the creation of ID ranges happens behind the scenes and this CLI\n" +"must not be used at all. The ID range for the local domain will be created\n" +"during installation or upgrade from an older version. The ID range for a\n" +"trusted domain will be created together with the trust by 'ipa trust-" +"add ...'.\n" +"\n" +"USE CASES:\n" +"\n" +" Add an ID range from a transitively trusted domain\n" +"\n" +" If the trusted domain (A) trusts another domain (B) as well and this " +"trust\n" +" is transitive 'ipa trust-add domain-A' will only create a range for\n" +" domain A. The ID range for domain B must be added manually.\n" +"\n" +" Add an additional ID range for the local domain\n" +"\n" +" If the ID range of the local domain is exhausted, i.e. no new IDs can " +"be\n" +" assigned to Posix users or groups by the DNA plugin, a new range has to " +"be\n" +" created to allow new users and groups to be added. (Currently there is " +"no\n" +" connection between this range CLI and the DNA plugin, but a future " +"version\n" +" might be able to modify the configuration of the DNS plugin as well)\n" +"\n" +"In general it is not necessary to modify or delete ID ranges. If there is " +"no\n" +"other way to achieve a certain configuration than to modify or delete an ID\n" +"range it should be done with great care. Because UIDs are stored in the " +"file\n" +"system and are used for access control it might be possible that users are\n" +"allowed to access files of other users if an ID range got deleted and " +"reused\n" +"for a different domain.\n" +"\n" +"(*) The RID is typically the last integer of a user or group SID which " +"follows\n" +"the domain SID. E.g. if the domain SID is S-1-5-21-123-456-789 and a user " +"from\n" +"this domain has the SID S-1-5-21-123-456-789-1010 then 1010 is the RID of " +"the\n" +"user. RIDs are unique in a domain, 32bit values and are used for users and\n" +"groups.\n" +"\n" +msgstr "" + +#: ipaserver/plugins/idrange.py:198 +msgid "ID Ranges" +msgstr "" + +#: ipaserver/plugins/idrange.py:199 +msgid "ID Range" +msgstr "" + +#: ipaserver/plugins/idrange.py:203 +msgid "local domain range" +msgstr "" + +#: ipaserver/plugins/idrange.py:205 ipaserver/plugins/trust.py:674 +msgid "Active Directory domain range" +msgstr "" + +#: ipaserver/plugins/idrange.py:206 ipaserver/plugins/trust.py:675 +msgid "Active Directory trust range with POSIX attributes" +msgstr "" + +#: ipaserver/plugins/idrange.py:246 +msgid "ID range type, one of allowed values" +msgstr "" + +#: ipaserver/plugins/idrange.py:321 +msgid "" +"range modification leaving objects with ID out of the defined range is not " +"allowed" +msgstr "" + +#: ipaserver/plugins/idrange.py:326 +msgid "" +"Cannot perform SID validation without Samba 4 support installed. Make sure " +"you have installed server-trust-ad sub-package of IPA on the server" +msgstr "" + +#: ipaserver/plugins/idrange.py:333 +msgid "" +"Cross-realm trusts are not configured. Make sure you have run ipa-adtrust-" +"install on the IPA server first" +msgstr "" + +#: ipaserver/plugins/idrange.py:345 +msgid "SID is not recognized as a valid SID for a trusted domain" +msgstr "" + +#: ipaserver/plugins/idrange.py:382 +msgid "" +"\n" +" Add new ID range.\n" +"\n" +" To add a new ID range you always have to specify\n" +"\n" +" --base-id\n" +" --range-size\n" +"\n" +" Additionally\n" +"\n" +" --rid-base\n" +" --secondary-rid-base\n" +"\n" +" may be given for a new ID range for the local domain while\n" +"\n" +" --rid-base\n" +" --dom-sid\n" +"\n" +" must be given to add a new range for a trusted AD domain.\n" +"\n" +msgstr "" + +#: ipaserver/plugins/idrange.py:404 +#, python-format +msgid "Added ID range \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/idrange.py:416 ipaserver/plugins/idrange.py:666 +msgid "Options dom-sid and dom-name cannot be used together" +msgstr "" + +#: ipaserver/plugins/idrange.py:427 +msgid "Specified trusted domain name could not be found." +msgstr "" + +#: ipaserver/plugins/idrange.py:442 +msgid "Options dom-sid/dom-name and rid-base must be used together" +msgstr "" + +#: ipaserver/plugins/idrange.py:449 ipaserver/plugins/idrange.py:701 +msgid "" +"Option rid-base must not be used when IPA range type is ipa-ad-trust-posix" +msgstr "" + +#: ipaserver/plugins/idrange.py:456 +msgid "" +"IPA Range type must be one of ipa-ad-trust or ipa-ad-trust-posix when SID of " +"the trusted domain is specified" +msgstr "" + +#: ipaserver/plugins/idrange.py:462 +msgid "Options dom-sid/dom-name and secondary-rid-base cannot be used together" +msgstr "" + +#: ipaserver/plugins/idrange.py:481 +msgid "" +"IPA Range type must not be one of ipa-ad-trust or ipa-ad-trust-posix when " +"SID of the trusted domain is not specified." +msgstr "" + +#: ipaserver/plugins/idrange.py:488 ipaserver/plugins/idrange.py:720 +msgid "Options secondary-rid-base and rid-base must be used together" +msgstr "" + +#: ipaserver/plugins/idrange.py:498 ipaserver/plugins/idrange.py:743 +msgid "Primary RID range and secondary RID range cannot overlap" +msgstr "" + +#: ipaserver/plugins/idrange.py:510 +msgid "" +"You must specify both rid-base and secondary-rid-base options, because ipa-" +"adtrust-install has already been run." +msgstr "" + +#: ipaserver/plugins/idrange.py:529 +#, python-format +msgid "Deleted ID range \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/idrange.py:578 +#, python-format +msgid "%(count)d range matched" +msgid_plural "%(count)d ranges matched" +msgstr[0] "" +msgstr[1] "" + +#: ipaserver/plugins/idrange.py:614 +msgid "" +"Modify ID range.\n" +"\n" +msgstr "" + +#: ipaserver/plugins/idrange.py:618 +#, python-format +msgid "Modified ID range \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/idrange.py:650 +msgid "" +"This command can not be used to change ID allocation for local IPA domain. " +"Run `ipa help idrange` for more information" +msgstr "" + +#: ipaserver/plugins/idrange.py:678 +msgid "" +"SID for the specified trusted domain name could not be found. Please specify " +"the SID directly using dom-sid option." +msgstr "" + +#: ipaserver/plugins/idrange.py:685 +msgid "Options dom-sid and secondary-rid-base cannot be used together" +msgstr "" + +#: ipaserver/plugins/idrange.py:692 +msgid "Options dom-sid and rid-base must be used together" +msgstr "" + +#: ipaserver/plugins/selfservice.py:68 +msgid "self service permission" +msgstr "" + +#: ipaserver/plugins/selfservice.py:69 +msgid "self service permissions" +msgstr "" + +#: ipaserver/plugins/selfservice.py:70 +msgid "Self Service Permissions" +msgstr "" + +#: ipaserver/plugins/selfservice.py:71 +msgid "Self Service Permission" +msgstr "" + +#: ipaserver/plugins/selfservice.py:124 +#, python-format +msgid "Added selfservice \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/selfservice.py:146 +#, python-format +msgid "Deleted selfservice \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/selfservice.py:163 +#, python-format +msgid "Modified selfservice \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/selfservice.py:185 +#, python-format +msgid "%(count)d selfservice matched" +msgid_plural "%(count)d selfservices matched" +msgstr[0] "" +msgstr[1] "" + +#: ipaserver/plugins/serverrole.py:13 +msgid "" +"\n" +"IPA server roles\n" +msgstr "" + +#: ipaserver/plugins/serverrole.py:15 +msgid "" +"\n" +"Get status of roles (DNS server, CA, etc.) provided by IPA masters.\n" +msgstr "" + +#: ipaserver/plugins/serverrole.py:17 +msgid "" +"\n" +"The status of a role is either enabled, configured, or absent.\n" +msgstr "" + +#: ipaserver/plugins/serverrole.py:21 +msgid "" +"\n" +" Show status of 'DNS server' role on a server:\n" +" ipa server-role-show ipa.example.com \"DNS server\"\n" +msgstr "" + +#: ipaserver/plugins/serverrole.py:24 +msgid "" +"\n" +" Show status of all roles containing 'AD' on a server:\n" +" ipa server-role-find --server ipa.example.com --role=\"AD trust " +"controller\"\n" +msgstr "" + +#: ipaserver/plugins/serverrole.py:27 +msgid "" +"\n" +" Show status of all configured roles on a server:\n" +" ipa server-role-find ipa.example.com\n" +msgstr "" + +#: ipaserver/plugins/serverrole.py:30 +msgid "" +"\n" +" Show implicit IPA master role:\n" +" ipa server-role-find --include-master\n" +msgstr "" + +#: ipaserver/plugins/serverrole.py:46 +msgid "server role" +msgstr "" + +#: ipaserver/plugins/serverrole.py:47 +msgid "server roles" +msgstr "" + +#: ipaserver/plugins/serverrole.py:51 +msgid "IPA Server Roles" +msgstr "" + +#: ipaserver/plugins/serverrole.py:52 +msgid "IPA Server Role" +msgstr "" + +#: ipaserver/plugins/serverrole.py:65 +msgid "IPA server role name" +msgstr "" + +#: ipaserver/plugins/serverrole.py:71 +msgid "Role status" +msgstr "" + +#: ipaserver/plugins/serverrole.py:72 +msgid "Status of the role" +msgstr "" + +#: ipaserver/plugins/serverrole.py:89 +msgid "Show role status on a server" +msgstr "" + +#: ipaserver/plugins/serverrole.py:113 +msgid "Find a server role on a server(s)" +msgstr "" + +#: ipaserver/plugins/serverrole.py:118 +#, python-format +msgid "%(count)s server role matched" +msgid_plural "%(count)s server roles matched" +msgstr[0] "" +msgstr[1] "" + +#: ipaserver/plugins/serverrole.py:139 +msgid "Include IPA master entries" +msgstr "" + +#: ipaserver/plugins/serverrole.py:186 ipaserver/plugins/role.py:82 +msgid "roles" +msgstr "" + +#: ipaserver/plugins/serverrole.py:192 +msgid "IPA role name" +msgstr "" + +#: ipaserver/plugins/selinuxusermap.py:89 +msgid "HBAC rule and local members cannot both be set" +msgstr "" + +#: ipaserver/plugins/selinuxusermap.py:128 +msgid "Invalid SELinux user name, must match {}" +msgstr "" + +#: ipaserver/plugins/selinuxusermap.py:142 +#, python-brace-format +msgid "Invalid MLS value, must match {mls}, where max level {mls_max}" +msgstr "" + +#: ipaserver/plugins/selinuxusermap.py:147 +#, python-brace-format +msgid "Invalid MCS value, must match {mcs}, where max category {mcs_max}" +msgstr "" + +#: ipaserver/plugins/selinuxusermap.py:161 +msgid "SELinux user map list not found in configuration" +msgstr "" + +#: ipaserver/plugins/selinuxusermap.py:166 +#, python-format +msgid "SELinux user %(user)s not found in ordering list (in config)" +msgstr "" + +#: ipaserver/plugins/selinuxusermap.py:176 +msgid "SELinux User Map rule" +msgstr "" + +#: ipaserver/plugins/selinuxusermap.py:177 +msgid "SELinux User Map rules" +msgstr "" + +#: ipaserver/plugins/selinuxusermap.py:233 +msgid "SELinux User Maps" +msgstr "" + +#: ipaserver/plugins/selinuxusermap.py:234 +msgid "SELinux User Map" +msgstr "" + +#: ipaserver/plugins/selinuxusermap.py:309 +#, python-format +msgid "HBAC rule %(rule)s not found" +msgstr "" + +#: ipaserver/plugins/selinuxusermap.py:330 +#, python-format +msgid "Added SELinux User Map \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/selinuxusermap.py:368 +#, python-format +msgid "Deleted SELinux User Map \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/selinuxusermap.py:376 +#, python-format +msgid "Modified SELinux User Map \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/selinuxusermap.py:449 +#, python-format +msgid "%(count)d SELinux User Map matched" +msgid_plural "%(count)d SELinux User Maps matched" +msgstr[0] "" +msgstr[1] "" + +#: ipaserver/plugins/selinuxusermap.py:491 +#, python-format +msgid "Enabled SELinux User Map \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/selinuxusermap.py:521 +#, python-format +msgid "Disabled SELinux User Map \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/serverroles.py:84 +#, python-brace-format +msgid "{role}: role not found" +msgstr "" + +#: ipaserver/plugins/serverroles.py:178 +#, python-brace-format +msgid "{attr}: no such attribute" +msgstr "" + +#: ipaserver/plugins/idviews.py:72 ipaserver/plugins/idviews.py:123 +#: ipaserver/plugins/idviews.py:131 ipaserver/plugins/idviews.py:351 +#: ipaserver/plugins/idviews.py:838 +msgid "ID View" +msgstr "" + +#: ipaserver/plugins/idviews.py:74 +msgid "system ID View" +msgstr "" + +#: ipaserver/plugins/idviews.py:124 ipaserver/plugins/idviews.py:130 +msgid "ID Views" +msgstr "" + +#: ipaserver/plugins/idviews.py:145 +msgid "User object overrides" +msgstr "" + +#: ipaserver/plugins/idviews.py:149 +msgid "Group object overrides" +msgstr "" + +#: ipaserver/plugins/idviews.py:153 +msgid "Hosts the view applies to" +msgstr "" + +#: ipaserver/plugins/idviews.py:159 ipaserver/plugins/config.py:315 +msgid "Domain resolution order" +msgstr "" + +#: ipaserver/plugins/idviews.py:160 ipaserver/plugins/config.py:316 +msgid "colon-separated list of domains used for short name qualification" +msgstr "" + +#: ipaserver/plugins/idviews.py:196 +#, python-format +msgid "Added ID View \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/idviews.py:213 +#, python-format +msgid "Deleted ID View \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/idviews.py:226 +#, python-format +msgid "Modified an ID View \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/idviews.py:242 +#, python-format +msgid "%(count)d ID View matched" +msgid_plural "%(count)d ID Views matched" +msgstr[0] "" +msgstr[1] "" + +#: ipaserver/plugins/idviews.py:352 +msgid "Default Trust View cannot be applied on hosts" +msgstr "" + +#: ipaserver/plugins/idviews.py:380 ipaserver/plugins/idviews.py:413 +msgid "not found" +msgstr "" + +#: ipaserver/plugins/idviews.py:394 +msgid "ID View cannot be applied to IPA master" +msgstr "" + +#: ipaserver/plugins/idviews.py:411 +msgid "ID View already applied" +msgstr "" + +#: ipaserver/plugins/idviews.py:431 +msgid "value" +msgstr "" + +#: ipaserver/plugins/idviews.py:444 +#, python-format +msgid "ID View applied to %i host." +msgstr "" + +#: ipaserver/plugins/idviews.py:445 +#, python-format +msgid "ID View applied to %i hosts." +msgstr "" + +#: ipaserver/plugins/idviews.py:487 +#, python-format +msgid "ID View cleared from %i host." +msgstr "" + +#: ipaserver/plugins/idviews.py:488 +#, python-format +msgid "ID View cleared from %i hosts." +msgstr "" + +#: ipaserver/plugins/idviews.py:556 +msgid "" +"You are trying to reference a magic private group which is not allowed to be " +"overridden. Try overriding the GID attribute of the corresponding user " +"instead." +msgstr "" + +#: ipaserver/plugins/idviews.py:594 +msgid "IPA object" +msgstr "" + +#: ipaserver/plugins/idviews.py:595 +msgid "" +"system IPA objects (e.g. system groups, user private groups) cannot be " +"overridden" +msgstr "" + +#: ipaserver/plugins/idviews.py:689 +#, python-format +msgid "Anchor '%(anchor)s' could not be resolved." +msgstr "" + +#: ipaserver/plugins/idviews.py:839 +msgid "Default Trust View cannot contain IPA users" +msgstr "" + +#: ipaserver/plugins/idviews.py:883 +msgid "Add a new ID override." +msgstr "" + +#: ipaserver/plugins/idviews.py:884 +#, python-format +msgid "Added ID override \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/idviews.py:899 +msgid "Delete an ID override." +msgstr "" + +#: ipaserver/plugins/idviews.py:900 +#, python-format +msgid "Deleted ID override \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/idviews.py:923 +msgid "Modify an ID override." +msgstr "" + +#: ipaserver/plugins/idviews.py:924 +#, python-format +msgid "Modified an ID override \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/idviews.py:931 +msgid "ID override" +msgstr "" + +#: ipaserver/plugins/idviews.py:932 +msgid "ID overrides cannot be renamed" +msgstr "" + +#: ipaserver/plugins/idviews.py:944 +msgid "Search for an ID override." +msgstr "" + +#: ipaserver/plugins/idviews.py:945 +#, python-format +msgid "%(count)d ID override matched" +msgid_plural "%(count)d ID overrides matched" +msgstr[0] "" +msgstr[1] "" + +#: ipaserver/plugins/idviews.py:957 +msgid "Display information about an ID override." +msgstr "" + +#: ipaserver/plugins/idviews.py:969 ipaserver/plugins/idviews.py:973 +msgid "User ID override" +msgstr "" + +#: ipaserver/plugins/idviews.py:970 ipaserver/plugins/idviews.py:972 +msgid "User ID overrides" +msgstr "" + +#: ipaserver/plugins/idviews.py:1056 ipaserver/plugins/certmap.py:606 +#: ipaserver/plugins/baseuser.py:399 ipaserver/plugins/baseuser.py:839 +msgid "Base-64 encoded user certificate" +msgstr "" + +#: ipaserver/plugins/idviews.py:1092 ipaserver/plugins/idviews.py:1096 +msgid "Group ID override" +msgstr "" + +#: ipaserver/plugins/idviews.py:1093 ipaserver/plugins/idviews.py:1095 +msgid "Group ID overrides" +msgstr "" + +#: ipaserver/plugins/idviews.py:1137 +msgid "Add one or more certificates to the idoverrideuser entry" +msgstr "" + +#: ipaserver/plugins/idviews.py:1138 +#, python-format +msgid "Added certificates to idoverrideuser \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/idviews.py:1160 +msgid "Remove one or more certificates to the idoverrideuser entry" +msgstr "" + +#: ipaserver/plugins/idviews.py:1161 +#, python-format +msgid "Removed certificates from idoverrideuser \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/idviews.py:1185 +#, python-format +msgid "Added User ID override \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/idviews.py:1210 +#, python-format +msgid "Deleted User ID override \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/idviews.py:1216 +#, python-format +msgid "Modified an User ID override \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/idviews.py:1248 +#, python-format +msgid "%(count)d User ID override matched" +msgid_plural "%(count)d User ID overrides matched" +msgstr[0] "" +msgstr[1] "" + +#: ipaserver/plugins/idviews.py:1284 +#, python-format +msgid "Added Group ID override \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/idviews.py:1290 +#, python-format +msgid "Deleted Group ID override \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/idviews.py:1296 +#, python-format +msgid "Modified an Group ID override \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/idviews.py:1302 +#, python-format +msgid "%(count)d Group ID override matched" +msgid_plural "%(count)d Group ID overrides matched" +msgstr[0] "" +msgstr[1] "" + +#: ipaserver/plugins/certmap.py:50 +msgid "" +"\n" +"Certificate Identity Mapping\n" +msgstr "" + +#: ipaserver/plugins/certmap.py:52 +msgid "" +"\n" +"Manage Certificate Identity Mapping configuration and rules.\n" +msgstr "" + +#: ipaserver/plugins/certmap.py:54 +msgid "" +"\n" +"IPA supports the use of certificates for authentication. Certificates can\n" +"either be stored in the user entry (full certificate in the usercertificate\n" +"attribute), or simply linked to the user entry through a mapping.\n" +"This code enables the management of the rules allowing to link a\n" +"certificate to a user entry.\n" +msgstr "" + +#: ipaserver/plugins/certmap.py:62 +msgid "" +"\n" +" Display the Certificate Identity Mapping global configuration:\n" +" ipa certmapconfig-show\n" +msgstr "" + +#: ipaserver/plugins/certmap.py:65 +msgid "" +"\n" +" Modify Certificate Identity Mapping global configuration:\n" +" ipa certmapconfig-mod --promptusername=TRUE\n" +msgstr "" + +#: ipaserver/plugins/certmap.py:68 +msgid "" +"\n" +" Create a new Certificate Identity Mapping Rule:\n" +" ipa certmaprule-add rule1 --desc=\"Link certificate with subject and " +"issuer\"\n" +msgstr "" + +#: ipaserver/plugins/certmap.py:71 +msgid "" +"\n" +" Modify a Certificate Identity Mapping Rule:\n" +" ipa certmaprule-mod rule1 --maprule=\"\"\n" +msgstr "" + +#: ipaserver/plugins/certmap.py:74 +msgid "" +"\n" +" Disable a Certificate Identity Mapping Rule:\n" +" ipa certmaprule-disable rule1\n" +msgstr "" + +#: ipaserver/plugins/certmap.py:77 +msgid "" +"\n" +" Enable a Certificate Identity Mapping Rule:\n" +" ipa certmaprule-enable rule1\n" +msgstr "" + +#: ipaserver/plugins/certmap.py:80 +msgid "" +"\n" +" Display information about a Certificate Identity Mapping Rule:\n" +" ipa certmaprule-show rule1\n" +msgstr "" + +#: ipaserver/plugins/certmap.py:83 +msgid "" +"\n" +" Find all Certificate Identity Mapping Rules with the specified domain:\n" +" ipa certmaprule-find --domain example.com\n" +msgstr "" + +#: ipaserver/plugins/certmap.py:86 +msgid "" +"\n" +" Delete a Certificate Identity Mapping Rule:\n" +" ipa certmaprule-del rule1\n" +msgstr "" + +#: ipaserver/plugins/certmap.py:141 ipaserver/plugins/certmap.py:148 +#: ipaserver/plugins/certmap.py:175 ipaserver/plugins/trust.py:848 +msgid "domain" +msgstr "" + +#: ipaserver/plugins/certmap.py:142 +#, python-format +msgid "" +"The domain(s) \"%s\" cannot be used to apply altSecurityIdentities check." +msgstr "" + +#: ipaserver/plugins/certmap.py:149 +msgid "" +"The mapping rule with altSecurityIdentities should be applied to a trusted " +"Active Directory domain but no domain was associated with the rule." +msgstr "" + +#: ipaserver/plugins/certmap.py:176 +#, python-format +msgid "The domain %s is neither IPA domain nor a trusteddomain." +msgstr "" + +#: ipaserver/plugins/certmap.py:186 +msgid "Certificate Identity Mapping configuration options" +msgstr "" + +#: ipaserver/plugins/certmap.py:191 ipaserver/plugins/certmap.py:192 +msgid "Certificate Identity Mapping Global Configuration" +msgstr "" + +#: ipaserver/plugins/certmap.py:198 +msgid "Prompt for the username" +msgstr "" + +#: ipaserver/plugins/certmap.py:199 +msgid "" +"Prompt for the username when multiple identities are mapped to a certificate" +msgstr "" + +#: ipaserver/plugins/certmap.py:229 +msgid "Modify Certificate Identity Mapping configuration." +msgstr "" + +#: ipaserver/plugins/certmap.py:234 +msgid "Show the current Certificate Identity Mapping configuration." +msgstr "" + +#: ipaserver/plugins/certmap.py:243 ipaserver/plugins/certmap.py:247 +msgid "Certificate Identity Mapping Rules" +msgstr "" + +#: ipaserver/plugins/certmap.py:244 ipaserver/plugins/certmap.py:246 +msgid "Certificate Identity Mapping Rule" +msgstr "" + +#: ipaserver/plugins/certmap.py:274 +msgid "Certificate Identity Mapping Rule name" +msgstr "" + +#: ipaserver/plugins/certmap.py:280 +msgid "Certificate Identity Mapping Rule description" +msgstr "" + +#: ipaserver/plugins/certmap.py:285 +msgid "Mapping rule" +msgstr "" + +#: ipaserver/plugins/certmap.py:286 +msgid "Rule used to map the certificate with a user entry" +msgstr "" + +#: ipaserver/plugins/certmap.py:291 +msgid "Matching rule" +msgstr "" + +#: ipaserver/plugins/certmap.py:292 +msgid "Rule used to check if a certificate can be used for authentication" +msgstr "" + +#: ipaserver/plugins/certmap.py:299 +msgid "Domain where the user entry will be searched" +msgstr "" + +#: ipaserver/plugins/certmap.py:305 +msgid "Priority of the rule (higher number means lower priority" +msgstr "" + +#: ipaserver/plugins/certmap.py:356 +msgid "Create a new Certificate Identity Mapping Rule." +msgstr "" + +#: ipaserver/plugins/certmap.py:358 +#, python-format +msgid "Added Certificate Identity Mapping Rule \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/certmap.py:369 +msgid "Modify a Certificate Identity Mapping Rule." +msgstr "" + +#: ipaserver/plugins/certmap.py:371 +#, python-format +msgid "Modified Certificate Identity Mapping Rule \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/certmap.py:392 +msgid "Search for Certificate Identity Mapping Rules." +msgstr "" + +#: ipaserver/plugins/certmap.py:395 +#, python-format +msgid "%(count)d Certificate Identity Mapping Rule matched" +msgid_plural "%(count)d Certificate Identity Mapping Rules matched" +msgstr[0] "" +msgstr[1] "" + +#: ipaserver/plugins/certmap.py:402 +msgid "Display information about a Certificate Identity Mapping Rule." +msgstr "" + +#: ipaserver/plugins/certmap.py:408 +msgid "Delete a Certificate Identity Mapping Rule." +msgstr "" + +#: ipaserver/plugins/certmap.py:410 +#, python-format +msgid "Deleted Certificate Identity Mapping Rule \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/certmap.py:415 +msgid "Enable a Certificate Identity Mapping Rule." +msgstr "" + +#: ipaserver/plugins/certmap.py:417 +#, python-format +msgid "Enabled Certificate Identity Mapping Rule \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/certmap.py:444 +msgid "Disable a Certificate Identity Mapping Rule." +msgstr "" + +#: ipaserver/plugins/certmap.py:446 +#, python-format +msgid "Disabled Certificate Identity Mapping Rule \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/certmap.py:500 +msgid "Failed to connect to sssd over SystemBus. See details in the error_log" +msgstr "" + +#: ipaserver/plugins/certmap.py:554 +msgid "Failed to find users over SystemBus. See details in the error_log" +msgstr "" + +#: ipaserver/plugins/certmap.py:571 +msgid "User logins" +msgstr "" + +#: ipaserver/plugins/certmap.py:579 +msgid "" +"\n" +" Search for users matching the provided certificate.\n" +"\n" +" This command relies on SSSD to retrieve the list of matching users and\n" +" may return cached data. For more information on purging SSSD cache,\n" +" please refer to sss_cache documentation.\n" +" " +msgstr "" + +#: ipaserver/plugins/certmap.py:587 +#, python-format +msgid "%(count)s user matched" +msgid_plural "%(count)s users matched" +msgstr[0] "" +msgstr[1] "" + #: ipaserver/plugins/automember.py:43 msgid "" "\n" @@ -16434,2796 +19262,353 @@ msgstr "" msgid "Remove orphan automember rules" msgstr "" -#: ipaserver/plugins/config.py:41 -msgid "" -"\n" -"Server configuration\n" -"\n" -"Manage the default values that IPA uses and some of its tuning parameters.\n" -"\n" -"NOTES:\n" -"\n" -"The password notification value (--pwdexpnotify) is stored here so it will\n" -"be replicated. It is not currently used to notify users in advance of an\n" -"expiring password.\n" -"\n" -"Some attributes are read-only, provided only for information purposes. " -"These\n" -"include:\n" -"\n" -"Certificate Subject base: the configured certificate subject base,\n" -" e.g. O=EXAMPLE.COM. This is configurable only at install time.\n" -"Password plug-in features: currently defines additional hashes that the\n" -" password will generate (there may be other conditions).\n" -"\n" -"When setting the order list for mapping SELinux users you may need to\n" -"quote the value so it isn't interpreted by the shell.\n" -"\n" -"The maximum length of a hostname in Linux is controlled by\n" -"MAXHOSTNAMELEN in the kernel and defaults to 64. Some other operating\n" -"systems, Solaris for example, allows hostnames up to 255 characters.\n" -"This option will allow flexibility in length but by default limiting\n" -"to the Linux maximum length.\n" -"\n" -"EXAMPLES:\n" -"\n" -" Show basic server configuration:\n" -" ipa config-show\n" -"\n" -" Show all configuration options:\n" -" ipa config-show --all\n" -"\n" -" Change maximum username length to 99 characters:\n" -" ipa config-mod --maxusername=99\n" -"\n" -" Change maximum host name length to 255 characters:\n" -" ipa config-mod --maxhostname=255\n" -"\n" -" Increase default time and size limits for maximum IPA server search:\n" -" ipa config-mod --searchtimelimit=10 --searchrecordslimit=2000\n" -"\n" -" Set default user e-mail domain:\n" -" ipa config-mod --emaildomain=example.com\n" -"\n" -" Enable migration mode to make \"ipa migrate-ds\" command operational:\n" -" ipa config-mod --enable-migration=TRUE\n" -"\n" -" Define SELinux user map order:\n" -" ipa config-mod --ipaselinuxusermaporder='guest_u:s0$xguest_u:s0$user_u:s0-" -"s0:c0.c1023$staff_u:s0-s0:c0.c1023$unconfined_u:s0-s0:c0.c1023'\n" +#: ipaserver/plugins/baseldap.py:101 +msgid "Member service groups" msgstr "" -#: ipaserver/plugins/config.py:107 -msgid "must be at least 10" +#: ipaserver/plugins/baseldap.py:110 +msgid "Member HBAC service groups" msgstr "" -#: ipaserver/plugins/config.py:115 -msgid "configuration options" +#: ipaserver/plugins/baseldap.py:125 +msgid "Member ID user overrides" msgstr "" -#: ipaserver/plugins/config.py:150 ipaserver/plugins/config.py:151 -msgid "Configuration" +#: ipaserver/plugins/baseldap.py:127 +msgid "Indirect Member ID user overrides" msgstr "" -#: ipaserver/plugins/config.py:162 -msgid "Maximum hostname length" +#: ipaserver/plugins/baseldap.py:144 +msgid "Indirect Member permissions" msgstr "" -#: ipaserver/plugins/config.py:266 -msgid "IPA masters" +#: ipaserver/plugins/baseldap.py:147 +msgid "Indirect Member HBAC service" msgstr "" -#: ipaserver/plugins/config.py:267 -msgid "List of all IPA masters" +#: ipaserver/plugins/baseldap.py:150 +msgid "Indirect Member HBAC service group" msgstr "" -#: ipaserver/plugins/config.py:272 -msgid "Hidden IPA masters" +#: ipaserver/plugins/baseldap.py:211 +msgid "Invalid format. Should be name=value" msgstr "" -#: ipaserver/plugins/config.py:273 -msgid "List of all hidden IPA masters" +#: ipaserver/plugins/baseldap.py:582 +msgid "An IPA master host cannot be deleted or disabled" msgstr "" -#: ipaserver/plugins/config.py:278 -msgid "IPA master capable of PKINIT" +#: ipaserver/plugins/baseldap.py:613 +msgid "entry" msgstr "" -#: ipaserver/plugins/config.py:279 -msgid "IPA master which can process PKINIT requests" +#: ipaserver/plugins/baseldap.py:614 +msgid "entries" msgstr "" -#: ipaserver/plugins/config.py:284 -msgid "IPA CA servers" +#: ipaserver/plugins/baseldap.py:652 ipaserver/plugins/baseldap.py:653 +msgid "Entry" msgstr "" -#: ipaserver/plugins/config.py:285 -msgid "IPA servers configured as certificate authority" -msgstr "" - -#: ipaserver/plugins/config.py:290 -msgid "Hidden IPA CA servers" -msgstr "" - -#: ipaserver/plugins/config.py:291 -msgid "Hidden IPA servers configured as certificate authority" -msgstr "" - -#: ipaserver/plugins/config.py:296 -msgid "IPA CA renewal master" -msgstr "" - -#: ipaserver/plugins/config.py:297 -msgid "Renewal master for IPA certificate authority" -msgstr "" - -#: ipaserver/plugins/config.py:302 ipaserver/plugins/vault.py:978 -msgid "IPA KRA servers" -msgstr "" - -#: ipaserver/plugins/config.py:303 -msgid "IPA servers configured as key recovery agent" -msgstr "" - -#: ipaserver/plugins/config.py:308 -msgid "Hidden IPA KRA servers" -msgstr "" - -#: ipaserver/plugins/config.py:309 -msgid "Hidden IPA servers configured as key recovery agent" -msgstr "" - -#: ipaserver/plugins/config.py:315 ipaserver/plugins/idviews.py:159 -msgid "Domain resolution order" -msgstr "" - -#: ipaserver/plugins/config.py:316 ipaserver/plugins/idviews.py:160 -msgid "colon-separated list of domains used for short name qualification" -msgstr "" - -#: ipaserver/plugins/config.py:321 ipaserver/plugins/dns.py:4119 -msgid "IPA DNS servers" -msgstr "" - -#: ipaserver/plugins/config.py:322 -msgid "IPA servers configured as domain name server" -msgstr "" - -#: ipaserver/plugins/config.py:327 -msgid "Hidden IPA DNS servers" -msgstr "" - -#: ipaserver/plugins/config.py:328 -msgid "Hidden IPA servers configured as domain name server" -msgstr "" - -#: ipaserver/plugins/config.py:333 ipaserver/plugins/dns.py:4125 -msgid "IPA DNSSec key master" -msgstr "" - -#: ipaserver/plugins/config.py:334 -msgid "DNSec key master" -msgstr "" - -#: ipaserver/plugins/config.py:411 -msgid "Empty domain is not allowed" -msgstr "" - -#: ipaserver/plugins/config.py:419 +#: ipaserver/plugins/baseldap.py:656 #, python-format -msgid "Invalid domain name '%(domain)s': %(e)s" +msgid "container entry (%(container)s) not found" msgstr "" -#: ipaserver/plugins/config.py:424 +#: ipaserver/plugins/baseldap.py:657 #, python-format -msgid "Server has no information about domain '%(domain)s'" +msgid "%(parent)s: %(oname)s not found" msgstr "" -#: ipaserver/plugins/config.py:431 +#: ipaserver/plugins/baseldap.py:659 #, python-format -msgid "Disabled domain '%(domain)s' is not allowed" +msgid "%(oname)s with name \"%(pkey)s\" already exists" msgstr "" -#: ipaserver/plugins/config.py:483 -msgid "The group doesn't exist" -msgstr "" - -#: ipaserver/plugins/config.py:501 +#: ipaserver/plugins/baseldap.py:946 ipaserver/plugins/baseldap.py:954 #, python-format -msgid "attribute \"%s\" not allowed" +msgid "attribute \"%(attribute)s\" not allowed" msgstr "" -#: ipaserver/plugins/config.py:521 -msgid "May not be empty" -msgstr "" - -#: ipaserver/plugins/config.py:540 +#: ipaserver/plugins/baseldap.py:959 #, python-format -msgid "%(obj)s default attribute %(attr)s would not be allowed!" +msgid "these attributes are not allowed: %(attrs)s" msgstr "" -#: ipaserver/plugins/config.py:572 -msgid "A list of SELinux users delimited by $ expected" +#: ipaserver/plugins/baseldap.py:1017 +msgid "attribute is not configurable" msgstr "" -#: ipaserver/plugins/config.py:576 +#: ipaserver/plugins/baseldap.py:1120 +msgid "No such attribute on this entry" +msgstr "" + +#: ipaserver/plugins/baseldap.py:1476 #, python-format -msgid "SELinux user '%(user)s' is not valid: %(error)s" +msgid "Rename the %(ldap_obj_name)s object" msgstr "" -#: ipaserver/plugins/config.py:588 -msgid "SELinux user map default user not in order list" +#: ipaserver/plugins/baseldap.py:1574 ipaserver/plugins/baseldap.py:2482 +msgid "the entry was deleted while being modified" msgstr "" -#: ipaserver/plugins/dns.py:100 -msgid "" -"\n" -"Domain Name System (DNS)\n" -msgstr "" - -#: ipaserver/plugins/dns.py:102 -msgid "" -"\n" -"Manage DNS zone and resource records.\n" -msgstr "" - -#: ipaserver/plugins/dns.py:104 -msgid "" -"\n" -"SUPPORTED ZONE TYPES\n" -"\n" -" * Master zone (dnszone-*), contains authoritative data.\n" -" * Forward zone (dnsforwardzone-*), forwards queries to configured " -"forwarders\n" -" (a set of DNS servers).\n" -msgstr "" - -#: ipaserver/plugins/dns.py:110 -msgid "" -"\n" -"USING STRUCTURED PER-TYPE OPTIONS\n" -msgstr "" - -#: ipaserver/plugins/dns.py:112 -msgid "" -"\n" -"There are many structured DNS RR types where DNS data stored in LDAP server\n" -"is not just a scalar value, for example an IP address or a domain name, but\n" -"a data structure which may be often complex. A good example is a LOC record\n" -"[RFC1876] which consists of many mandatory and optional parts (degrees,\n" -"minutes, seconds of latitude and longitude, altitude or precision).\n" -msgstr "" - -#: ipaserver/plugins/dns.py:118 -msgid "" -"\n" -"It may be difficult to manipulate such DNS records without making a mistake\n" -"and entering an invalid value. DNS module provides an abstraction over " -"these\n" -"raw records and allows to manipulate each RR type with specific options. " -"For\n" -"each supported RR type, DNS module provides a standard option to manipulate\n" -"a raw records with format ---rec, e.g. --mx-rec, and special " -"options\n" -"for every part of the RR structure with format ---, e.g.\n" -"--mx-preference and --mx-exchanger.\n" -msgstr "" - -#: ipaserver/plugins/dns.py:126 -msgid "" -"\n" -"When adding a record, either RR specific options or standard option for a " -"raw\n" -"value can be used, they just should not be combined in one add operation. " -"When\n" -"modifying an existing entry, new RR specific options can be used to change\n" -"one part of a DNS record, where the standard option for raw value is used\n" -"to specify the modified value. The following example demonstrates\n" -"a modification of MX record preference from 0 to 1 in a record without\n" -"modifying the exchanger:\n" -"ipa dnsrecord-mod --mx-rec=\"0 mx.example.com.\" --mx-preference=1\n" -msgstr "" - -#: ipaserver/plugins/dns.py:135 -msgid "" -"\n" -"\n" -"EXAMPLES:\n" -msgstr "" - -#: ipaserver/plugins/dns.py:138 -msgid "" -"\n" -" Add new zone:\n" -" ipa dnszone-add example.com --admin-email=admin@example.com\n" -msgstr "" - -#: ipaserver/plugins/dns.py:141 -msgid "" -"\n" -" Add system permission that can be used for per-zone privilege delegation:\n" -" ipa dnszone-add-permission example.com\n" -msgstr "" - -#: ipaserver/plugins/dns.py:144 -msgid "" -"\n" -" Modify the zone to allow dynamic updates for hosts own records in realm " -"EXAMPLE.COM:\n" -" ipa dnszone-mod example.com --dynamic-update=TRUE\n" -msgstr "" - -#: ipaserver/plugins/dns.py:147 -msgid "" -"\n" -" This is the equivalent of:\n" -" ipa dnszone-mod example.com --dynamic-update=TRUE \\\n" -" --update-policy=\"grant EXAMPLE.COM krb5-self * A; grant EXAMPLE.COM " -"krb5-self * AAAA; grant EXAMPLE.COM krb5-self * SSHFP;\"\n" -msgstr "" - -#: ipaserver/plugins/dns.py:151 -msgid "" -"\n" -" Modify the zone to allow zone transfers for local network only:\n" -" ipa dnszone-mod example.com --allow-transfer=192.0.2.0/24\n" -msgstr "" - -#: ipaserver/plugins/dns.py:154 -msgid "" -"\n" -" Add new reverse zone specified by network IP address:\n" -" ipa dnszone-add --name-from-ip=192.0.2.0/24\n" -msgstr "" - -#: ipaserver/plugins/dns.py:157 -msgid "" -"\n" -" Add second nameserver for example.com:\n" -" ipa dnsrecord-add example.com @ --ns-rec=nameserver2.example.com\n" -msgstr "" - -#: ipaserver/plugins/dns.py:160 -msgid "" -"\n" -" Add a mail server for example.com:\n" -" ipa dnsrecord-add example.com @ --mx-rec=\"10 mail1\"\n" -msgstr "" - -#: ipaserver/plugins/dns.py:163 -msgid "" -"\n" -" Add another record using MX record specific options:\n" -" ipa dnsrecord-add example.com @ --mx-preference=20 --mx-exchanger=mail2\n" -msgstr "" - -#: ipaserver/plugins/dns.py:166 -msgid "" -"\n" -" Add another record using interactive mode (started when dnsrecord-add, " -"dnsrecord-mod,\n" -" or dnsrecord-del are executed with no options):\n" -" ipa dnsrecord-add example.com @\n" -" Please choose a type of DNS resource record to be added\n" -" The most common types for this type of zone are: NS, MX, LOC\n" -"\n" -" DNS resource record type: MX\n" -" MX Preference: 30\n" -" MX Exchanger: mail3\n" -" Record name: example.com\n" -" MX record: 10 mail1, 20 mail2, 30 mail3\n" -" NS record: nameserver.example.com., nameserver2.example.com.\n" -msgstr "" - -#: ipaserver/plugins/dns.py:179 -msgid "" -"\n" -" Delete previously added nameserver from example.com:\n" -" ipa dnsrecord-del example.com @ --ns-rec=nameserver2.example.com.\n" -msgstr "" - -#: ipaserver/plugins/dns.py:182 -msgid "" -"\n" -" Add LOC record for example.com:\n" -" ipa dnsrecord-add example.com @ --loc-rec=\"49 11 42.4 N 16 36 29.6 E " -"227.64m\"\n" -msgstr "" - -#: ipaserver/plugins/dns.py:185 -msgid "" -"\n" -" Add new A record for www.example.com. Create a reverse record in " -"appropriate\n" -" reverse zone as well. In this case a PTR record \"2\" pointing to www." -"example.com\n" -" will be created in zone 2.0.192.in-addr.arpa.\n" -" ipa dnsrecord-add example.com www --a-rec=192.0.2.2 --a-create-reverse\n" -msgstr "" - -#: ipaserver/plugins/dns.py:190 -msgid "" -"\n" -" Add new PTR record for www.example.com\n" -" ipa dnsrecord-add 2.0.192.in-addr.arpa. 2 --ptr-rec=www.example.com.\n" -msgstr "" - -#: ipaserver/plugins/dns.py:193 -msgid "" -"\n" -" Add new SRV records for LDAP servers. Three quarters of the requests\n" -" should go to fast.example.com, one quarter to slow.example.com. If neither\n" -" is available, switch to backup.example.com.\n" -" ipa dnsrecord-add example.com _ldap._tcp --srv-rec=\"0 3 389 fast.example." -"com\"\n" -" ipa dnsrecord-add example.com _ldap._tcp --srv-rec=\"0 1 389 slow.example." -"com\"\n" -" ipa dnsrecord-add example.com _ldap._tcp --srv-rec=\"1 1 389 backup." -"example.com\"\n" -msgstr "" - -#: ipaserver/plugins/dns.py:200 -msgid "" -"\n" -" The interactive mode can be used for easy modification:\n" -" ipa dnsrecord-mod example.com _ldap._tcp\n" -" No option to modify specific record provided.\n" -" Current DNS record contents:\n" -"\n" -" SRV record: 0 3 389 fast.example.com, 0 1 389 slow.example.com, 1 1 389 " -"backup.example.com\n" -"\n" -" Modify SRV record '0 3 389 fast.example.com'? Yes/No (default No):\n" -" Modify SRV record '0 1 389 slow.example.com'? Yes/No (default No): y\n" -" SRV Priority [0]: (keep the default value)\n" -" SRV Weight [1]: 2 (modified value)\n" -" SRV Port [389]: (keep the default value)\n" -" SRV Target [slow.example.com]: (keep the default value)\n" -" 1 SRV record skipped. Only one value per DNS record type can be modified " -"at one time.\n" -" Record name: _ldap._tcp\n" -" SRV record: 0 3 389 fast.example.com, 1 1 389 backup.example.com, 0 2 " -"389 slow.example.com\n" -msgstr "" - -#: ipaserver/plugins/dns.py:217 -msgid "" -"\n" -" After this modification, three fifths of the requests should go to\n" -" fast.example.com and two fifths to slow.example.com.\n" -msgstr "" - -#: ipaserver/plugins/dns.py:220 -msgid "" -"\n" -" An example of the interactive mode for dnsrecord-del command:\n" -" ipa dnsrecord-del example.com www\n" -" No option to delete specific record provided.\n" -" Delete all? Yes/No (default No): (do not delete all records)\n" -" Current DNS record contents:\n" -"\n" -" A record: 192.0.2.2, 192.0.2.3\n" -"\n" -" Delete A record '192.0.2.2'? Yes/No (default No):\n" -" Delete A record '192.0.2.3'? Yes/No (default No): y\n" -" Record name: www\n" -" A record: 192.0.2.2 (A record 192.0.2.3 has been " -"deleted)\n" -msgstr "" - -#: ipaserver/plugins/dns.py:233 -msgid "" -"\n" -" Show zone example.com:\n" -" ipa dnszone-show example.com\n" -msgstr "" - -#: ipaserver/plugins/dns.py:236 -msgid "" -"\n" -" Find zone with \"example\" in its domain name:\n" -" ipa dnszone-find example\n" -msgstr "" - -#: ipaserver/plugins/dns.py:239 -msgid "" -"\n" -" Find records for resources with \"www\" in their name in zone example.com:\n" -" ipa dnsrecord-find example.com www\n" -msgstr "" - -#: ipaserver/plugins/dns.py:242 -msgid "" -"\n" -" Find A records with value 192.0.2.2 in zone example.com\n" -" ipa dnsrecord-find example.com --a-rec=192.0.2.2\n" -msgstr "" - -#: ipaserver/plugins/dns.py:245 -msgid "" -"\n" -" Show records for resource www in zone example.com\n" -" ipa dnsrecord-show example.com www\n" -msgstr "" - -#: ipaserver/plugins/dns.py:248 -msgid "" -"\n" -" Delegate zone sub.example to another nameserver:\n" -" ipa dnsrecord-add example.com ns.sub --a-rec=203.0.113.1\n" -" ipa dnsrecord-add example.com sub --ns-rec=ns.sub.example.com.\n" -msgstr "" - -#: ipaserver/plugins/dns.py:252 -msgid "" -"\n" -" Delete zone example.com with all resource records:\n" -" ipa dnszone-del example.com\n" -msgstr "" - -#: ipaserver/plugins/dns.py:255 -msgid "" -"\n" -" If a global forwarder is configured, all queries for which this server is " -"not\n" -" authoritative (e.g. sub.example.com) will be routed to the global " -"forwarder.\n" -" Global forwarding configuration can be overridden per-zone.\n" -msgstr "" - -#: ipaserver/plugins/dns.py:259 -msgid "" -"\n" -" Semantics of forwarding in IPA matches BIND semantics and depends on the " -"type\n" -" of zone:\n" -" * Master zone: local BIND replies authoritatively to queries for data in\n" -" the given zone (including authoritative NXDOMAIN answers) and forwarding\n" -" affects only queries for names below zone cuts (NS records) of locally\n" -" served zones.\n" -"\n" -" * Forward zone: forward zone contains no authoritative data. BIND " -"forwards\n" -" queries, which cannot be answered from its local cache, to configured\n" -" forwarders.\n" -msgstr "" - -#: ipaserver/plugins/dns.py:270 -msgid "" -"\n" -" Semantics of the --forward-policy option:\n" -" * none - disable forwarding for the given zone.\n" -" * first - forward all queries to configured forwarders. If they fail,\n" -" do resolution using DNS root servers.\n" -" * only - forward all queries to configured forwarders and if they fail,\n" -" return failure.\n" -msgstr "" - -#: ipaserver/plugins/dns.py:277 -msgid "" -"\n" -" Disable global forwarding for given sub-tree:\n" -" ipa dnszone-mod example.com --forward-policy=none\n" -msgstr "" - -#: ipaserver/plugins/dns.py:280 -msgid "" -"\n" -" This configuration forwards all queries for names outside the example.com\n" -" sub-tree to global forwarders. Normal recursive resolution process is used\n" -" for names inside the example.com sub-tree (i.e. NS records are followed " -"etc.).\n" -msgstr "" - -#: ipaserver/plugins/dns.py:284 -msgid "" -"\n" -" Forward all requests for the zone external.example.com to another " -"forwarder\n" -" using a \"first\" policy (it will send the queries to the selected " -"forwarder\n" -" and if not answered it will use global root servers):\n" -" ipa dnsforwardzone-add external.example.com --forward-policy=first \\\n" -" --forwarder=203.0.113.1\n" -msgstr "" - -#: ipaserver/plugins/dns.py:290 -msgid "" -"\n" -" Change forward-policy for external.example.com:\n" -" ipa dnsforwardzone-mod external.example.com --forward-policy=only\n" -msgstr "" - -#: ipaserver/plugins/dns.py:293 -msgid "" -"\n" -" Show forward zone external.example.com:\n" -" ipa dnsforwardzone-show external.example.com\n" -msgstr "" - -#: ipaserver/plugins/dns.py:296 -msgid "" -"\n" -" List all forward zones:\n" -" ipa dnsforwardzone-find\n" -msgstr "" - -#: ipaserver/plugins/dns.py:299 -msgid "" -"\n" -" Delete forward zone external.example.com:\n" -" ipa dnsforwardzone-del external.example.com\n" -msgstr "" - -#: ipaserver/plugins/dns.py:302 -msgid "" -"\n" -" Resolve a host name to see if it exists (will add default IPA domain\n" -" if one is not included):\n" -" ipa dns-resolve www.example.com\n" -" ipa dns-resolve www\n" -msgstr "" - -#: ipaserver/plugins/dns.py:307 -msgid "" -"\n" -"\n" -"GLOBAL DNS CONFIGURATION\n" -msgstr "" - -#: ipaserver/plugins/dns.py:310 -msgid "" -"\n" -"DNS configuration passed to command line install script is stored in a " -"local\n" -"configuration file on each IPA server where DNS service is configured. " -"These\n" -"local settings can be overridden with a common configuration stored in LDAP\n" -"server:\n" -msgstr "" - -#: ipaserver/plugins/dns.py:315 -msgid "" -"\n" -" Show global DNS configuration:\n" -" ipa dnsconfig-show\n" -msgstr "" - -#: ipaserver/plugins/dns.py:318 -msgid "" -"\n" -" Modify global DNS configuration and set a list of global forwarders:\n" -" ipa dnsconfig-mod --forwarder=203.0.113.113\n" -msgstr "" - -#: ipaserver/plugins/dns.py:406 -msgid "invalid IP network format" -msgstr "" - -#: ipaserver/plugins/dns.py:415 -msgid "each ACL element must be terminated with a semicolon" -msgstr "" - -#: ipaserver/plugins/dns.py:431 -msgid "invalid address format" -msgstr "" - -#: ipaserver/plugins/dns.py:475 -msgid "" -"expected format: <0-255> <0-255> <0-65535> even-" -"length_hexadecimal_digits_or_hyphen" -msgstr "" - -#: ipaserver/plugins/dns.py:484 -msgid "algorithm value: allowed interval 0-255" -msgstr "" - -#: ipaserver/plugins/dns.py:487 -msgid "flags value: allowed interval 0-255" -msgstr "" - -#: ipaserver/plugins/dns.py:490 -msgid "iterations value: allowed interval 0-65535" -msgstr "" - -#: ipaserver/plugins/dns.py:498 +#: ipaserver/plugins/baseldap.py:1707 ipaserver/plugins/baseldap.py:2209 #, python-format -msgid "salt value: %(err)s" +msgid "%s" msgstr "" -#: ipaserver/plugins/dns.py:505 -msgid "invalid domain-name: not fully qualified" +#: ipaserver/plugins/baseldap.py:1708 +#: ipaserver/plugins/servicedelegation.py:213 +#: ipaserver/plugins/servicedelegation.py:303 +#, python-format +msgid "member %s" msgstr "" -#: ipaserver/plugins/dns.py:514 -msgid "should not be a wildcard domain name (RFC 4592 section 4)" +#: ipaserver/plugins/baseldap.py:1750 ipaserver/plugins/baseldap.py:2233 +#, python-format +msgid "%s to add" msgstr "" -#: ipaserver/plugins/dns.py:555 +#: ipaserver/plugins/baseldap.py:1849 ipaserver/plugins/baseldap.py:2332 +#, python-format +msgid "%s to remove" +msgstr "" + +#: ipaserver/plugins/baseldap.py:1957 #, python-format msgid "" -"All nameservers failed to answer the query for DNS reverse zone %(revdns)s" +"Search for %(searched_object)s with these %(relationship)s %(ldap_object)s." msgstr "" -#: ipaserver/plugins/dns.py:564 +#: ipaserver/plugins/baseldap.py:1958 #, python-format msgid "" -"DNS reverse zone %(revzone)s for IP address %(addr)s is not managed by this " -"server" +"Search for %(searched_object)s without these %(relationship)s " +"%(ldap_object)s." msgstr "" -#: ipaserver/plugins/dns.py:581 +#: ipaserver/plugins/baseldap.py:2513 #, python-format -msgid "DNS zone %(zone)s not found" +msgid "added attribute value to entry %(value)s" msgstr "" -#: ipaserver/plugins/dns.py:596 +#: ipaserver/plugins/baseldap.py:2527 #, python-format -msgid "IP address %(ip)s is already assigned in domain %(domain)s." +msgid "removed attribute values from entry %(value)s" msgstr "" -#: ipaserver/plugins/dns.py:606 -#, python-format -msgid "" -"Reverse record for IP address %(ip)s already exists in reverse zone %(zone)s." +#: ipaserver/plugins/baseldap.py:2536 +msgid "one or more values to remove" msgstr "" -#: ipaserver/plugins/dns.py:681 -#, python-format -msgid "%s record" -msgstr "" - -#: ipaserver/plugins/dns.py:683 -#, python-format -msgid "Raw %s records" -msgstr "" - -#: ipaserver/plugins/dns.py:684 -#, python-format -msgid "%s Record" -msgstr "" - -#: ipaserver/plugins/dns.py:685 -#, python-format -msgid "(see RFC %s for details)" -msgstr "" - -#: ipaserver/plugins/dns.py:747 -#, python-format -msgid "'%s' is a required part of DNS record" -msgstr "" - -#: ipaserver/plugins/dns.py:754 -msgid "Invalid number of parts!" -msgstr "" - -#: ipaserver/plugins/dns.py:806 -#, python-format -msgid "DNS RR type \"%s\" is not supported by bind-dyndb-ldap plugin" -msgstr "" - -#: ipaserver/plugins/dns.py:822 -#, python-format -msgid "format must be specified as \"%(format)s\" %(rfcs)s" -msgstr "" - -#: ipaserver/plugins/dns.py:897 -msgid "Create reverse" -msgstr "" - -#: ipaserver/plugins/dns.py:933 -#, python-format -msgid "Cannot create reverse record for \"%(value)s\": %(exc)s" -msgstr "" - -#: ipaserver/plugins/dns.py:1108 ipaserver/plugins/dns.py:1265 -msgid "Exchanger" -msgstr "" - -#: ipaserver/plugins/dns.py:1183 -msgid "" -"format must be specified as\n" -" \"d1 [m1 [s1]] {\"N\"|\"S\"} d2 [m2 [s2]] {\"E\"|\"W\"} alt[\"m\"] " -"[siz[\"m\"] [hp[\"m\"] [vp[\"m\"]]]]\"\n" -" where:\n" -" d1: [0 .. 90] (degrees latitude)\n" -" d2: [0 .. 180] (degrees longitude)\n" -" m1, m2: [0 .. 59] (minutes latitude/longitude)\n" -" s1, s2: [0 .. 59.999] (seconds latitude/longitude)\n" -" alt: [-100000.00 .. 42849672.95] BY .01 (altitude in meters)\n" -" siz, hp, vp: [0 .. 90000000.00] (size/precision in meters)\n" -" See RFC 1876 for details" -msgstr "" - -#: ipaserver/plugins/dns.py:1237 -#, python-format -msgid "'%(required)s' must not be empty when '%(name)s' is set" -msgstr "" - -#: ipaserver/plugins/dns.py:1292 -msgid "flags must be one of \"S\", \"A\", \"U\", or \"P\"" -msgstr "" - -#: ipaserver/plugins/dns.py:1353 ipaserver/plugins/dns.py:1483 -msgid "Priority (order)" -msgstr "" - -#: ipaserver/plugins/dns.py:1354 -msgid "" -"Lower number means higher priority. Clients will attempt to contact the " -"server with the lowest-numbered priority they can reach." -msgstr "" - -#: ipaserver/plugins/dns.py:1362 ipaserver/plugins/dns.py:1492 -msgid "Relative weight for entries with the same priority." -msgstr "" - -#: ipaserver/plugins/dns.py:1382 -msgid "the value does not follow \"YYYYMMDDHHMMSS\" time format" -msgstr "" - -#: ipaserver/plugins/dns.py:1484 -msgid "" -"Lower number means higher priority. Clients will attempt to contact the URI " -"with the lowest-numbered priority they can reach." -msgstr "" - -#: ipaserver/plugins/dns.py:1497 -msgid "Target Uniform Resource Identifier" -msgstr "" - -#: ipaserver/plugins/dns.py:1498 -msgid "Target Uniform Resource Identifier according to RFC 3986" -msgstr "" - -#: ipaserver/plugins/dns.py:1580 -#, python-format -msgid "Nameserver '%(host)s' does not have a corresponding A/AAAA record" -msgstr "" - -#: ipaserver/plugins/dns.py:2049 -msgid "Managedby permission" -msgstr "" - -#: ipaserver/plugins/dns.py:2150 -msgid "cannot be used when a zone is specified" -msgstr "" - -#: ipaserver/plugins/dns.py:2162 -msgid "Only one zone type is allowed per zone name" -msgstr "" - -#: ipaserver/plugins/dns.py:2305 -#, python-format -msgid "Added system permission \"%(value)s\"" -msgstr "" - -#: ipaserver/plugins/dns.py:2335 -#, python-format -msgid "permission \"%(value)s\" already exists" -msgstr "" - -#: ipaserver/plugins/dns.py:2363 -#, python-format -msgid "Removed system permission \"%(value)s\"" -msgstr "" - -#: ipaserver/plugins/dns.py:2399 -msgid "DNS zone" -msgstr "" - -#: ipaserver/plugins/dns.py:2400 -msgid "DNS zones" -msgstr "" - -#: ipaserver/plugins/dns.py:2408 -msgid "DNS Zones" -msgstr "" - -#: ipaserver/plugins/dns.py:2409 -msgid "DNS Zone" -msgstr "" - -#: ipaserver/plugins/dns.py:2481 -msgid "Default time to live" -msgstr "" - -#: ipaserver/plugins/dns.py:2482 -msgid "Time to live for records without explicit TTL definition" -msgstr "" - -#: ipaserver/plugins/dns.py:2697 -msgid "setting Authoritative nameserver" -msgstr "" - -#: ipaserver/plugins/dns.py:2698 -msgid "It is used only for setting the SOA MNAME attribute." -msgstr "" - -#: ipaserver/plugins/dns.py:2700 -msgid "NS record(s) can be edited in zone apex - '@'. " -msgstr "" - -#: ipaserver/plugins/dns.py:2735 -msgid "" -msgstr "" - -#: ipaserver/plugins/dns.py:2791 -msgid "Nameserver for reverse zone cannot be a relative DNS name" -msgstr "" - -#: ipaserver/plugins/dns.py:2846 -#, python-format -msgid "Deleted DNS zone \"%(value)s\"" -msgstr "" - -#: ipaserver/plugins/dns.py:2899 -msgid "is required" -msgstr "" - -#: ipaserver/plugins/dns.py:2980 -#, python-format -msgid "Disabled DNS zone \"%(value)s\"" -msgstr "" - -#: ipaserver/plugins/dns.py:2991 -#, python-format -msgid "Enabled DNS zone \"%(value)s\"" -msgstr "" - -#: ipaserver/plugins/dns.py:3016 -msgid "DNS resource record" -msgstr "" - -#: ipaserver/plugins/dns.py:3017 -msgid "DNS resource records" -msgstr "" - -#: ipaserver/plugins/dns.py:3024 -msgid "DNS Resource Records" -msgstr "" - -#: ipaserver/plugins/dns.py:3025 -msgid "DNS Resource Record" -msgstr "" - -#: ipaserver/plugins/dns.py:3060 -msgid "DS record must not be in zone apex (RFC 4035 section 2.4)" -msgstr "" - -#: ipaserver/plugins/dns.py:3077 -msgid "" -"out-of-zone data: record name must be a subdomain of the zone or a relative " -"name" -msgstr "" - -#: ipaserver/plugins/dns.py:3088 -#, python-format -msgid "" -"owner of %(types)s records should not be a wildcard domain name (RFC 4592 " -"section 4)" -msgstr "" - -#: ipaserver/plugins/dns.py:3133 -#, python-format -msgid "" -"Reverse zone %(name)s requires exactly %(count)d IP address components, " -"%(user_count)d given" -msgstr "" - -#: ipaserver/plugins/dns.py:3175 -msgid "only master zones can contain records" -msgstr "" - -#: ipaserver/plugins/dns.py:3273 -msgid "only one CNAME record is allowed per name (RFC 2136, section 1.1.5)" -msgstr "" - -#: ipaserver/plugins/dns.py:3279 -msgid "" -"CNAME record is not allowed to coexist with any other record (RFC 1034, " -"section 3.6.2)" -msgstr "" - -#: ipaserver/plugins/dns.py:3287 -msgid "only one DNAME record is allowed per name (RFC 6672, section 2.4)" -msgstr "" - -#: ipaserver/plugins/dns.py:3303 -#, python-format -msgid "" -"NS record is not allowed to coexist with an %(type)s record except when " -"located in a zone root record (RFC 2181, section 6.1)" -msgstr "" - -#: ipaserver/plugins/dns.py:3319 -msgid "" -"DS record requires to coexist with an NS record (RFC 4592 section 4.6, RFC " -"4035 section 2.4)" -msgstr "" - -#: ipaserver/plugins/dns.py:3600 -#, python-format -msgid "Raw value of a DNS record was already set by \"%(name)s\" option" -msgstr "" - -#: ipaserver/plugins/dns.py:3726 -msgid "DNS zone root record cannot be renamed" -msgstr "" - -#: ipaserver/plugins/dns.py:3744 -msgid "DNS records can be only updated one at a time" -msgstr "" - -#: ipaserver/plugins/dns.py:3837 -#, python-format -msgid "Deleted record \"%(value)s\"" -msgstr "" - -#: ipaserver/plugins/dns.py:3930 -#, python-format -msgid "Zone record '%s' cannot be deleted" -msgstr "" - -#: ipaserver/plugins/dns.py:4032 -#, python-format -msgid "Found '%(value)s'" -msgstr "" - -#: ipaserver/plugins/dns.py:4047 -#, python-format -msgid "Host '%(host)s' not found" -msgstr "" - -#: ipaserver/plugins/dns.py:4078 -msgid "DNS configuration options" -msgstr "" - -#: ipaserver/plugins/dns.py:4083 ipaserver/plugins/dns.py:4084 -msgid "DNS Global Configuration" -msgstr "" - -#: ipaserver/plugins/dns.py:4115 -msgid "IPA DNS version" -msgstr "" - -#: ipaserver/plugins/dns.py:4120 -msgid "List of IPA masters configured as DNS servers" -msgstr "" - -#: ipaserver/plugins/dns.py:4126 -msgid "IPA server configured as DNSSec key master" -msgstr "" - -#: ipaserver/plugins/dns.py:4177 -msgid "Global DNS configuration is empty" -msgstr "" - -#: ipaserver/plugins/dns.py:4258 -msgid "DNS forward zone" -msgstr "" - -#: ipaserver/plugins/dns.py:4259 -msgid "DNS forward zones" -msgstr "" - -#: ipaserver/plugins/dns.py:4261 -msgid "DNS Forward Zones" -msgstr "" - -#: ipaserver/plugins/dns.py:4262 -msgid "DNS Forward Zone" -msgstr "" - -#: ipaserver/plugins/dns.py:4369 ipaserver/plugins/dns.py:4419 -msgid "Please specify forwarders." -msgstr "" - -#: ipaserver/plugins/dns.py:4388 -#, python-format -msgid "Deleted DNS forward zone \"%(value)s\"" -msgstr "" - -#: ipaserver/plugins/dns.py:4445 -#, python-format -msgid "Disabled DNS forward zone \"%(value)s\"" -msgstr "" - -#: ipaserver/plugins/dns.py:4451 -#, python-format -msgid "Enabled DNS forward zone \"%(value)s\"" -msgstr "" - -#: ipaserver/plugins/dns.py:4474 -msgid "IPA DNS records" -msgstr "" - -#: ipaserver/plugins/dns.py:4478 -msgid "IPA location records" -msgstr "" - -#: ipaserver/plugins/dns.py:4485 -msgid "Update location and IPA server DNS records" -msgstr "" - -#: ipaserver/plugins/dns.py:4496 -msgid "Result of the command" -msgstr "" - -#: ipaserver/plugins/dns.py:4503 -msgid "Dry run" -msgstr "" - -#: ipaserver/plugins/dns.py:4504 -msgid "Do not update records only return expected records" -msgstr "" - -#: ipaserver/plugins/domainlevel.py:69 -#, python-brace-format -msgid "" -"Domain Level cannot be raised to {0}, existing replication conflicts have to " -"be resolved." -msgstr "" - -#: ipaserver/plugins/domainlevel.py:112 -msgid "Server does not support domain level functionality" -msgstr "" - -#: ipaserver/plugins/domainlevel.py:147 -msgid "Domain Level cannot be lowered." -msgstr "" - -#: ipaserver/plugins/domainlevel.py:155 -#, python-brace-format -msgid "Domain Level cannot be raised to {0}, server {1} does not support it." -msgstr "" - -#: ipaserver/plugins/group.py:62 +#: ipaserver/plugins/ca.py:20 msgid "" "\n" -"Groups of users\n" -"\n" -"Manage groups of users, groups, or services. By default, new groups are " -"POSIX\n" -"groups. You can add the --nonposix option to the group-add command to mark " -"a\n" -"new group as non-POSIX. You can use the --posix argument with the group-mod\n" -"command to convert a non-POSIX group into a POSIX group. POSIX groups cannot " -"be\n" -"converted to non-POSIX groups.\n" -"\n" -"Every group must have a description.\n" -"\n" -"POSIX groups must have a Group ID (GID) number. Changing a GID is\n" -"supported but can have an impact on your file permissions. It is not " -"necessary\n" -"to supply a GID when creating a group. IPA will generate one automatically\n" -"if it is not provided.\n" -"\n" -"Groups members can be users, other groups, and Kerberos services. In POSIX\n" -"environments only users will be visible as group members, but nested groups " -"and\n" -"groups of services can be used for IPA management purposes.\n" -"\n" -"EXAMPLES:\n" -"\n" -" Add a new group:\n" -" ipa group-add --desc='local administrators' localadmins\n" -"\n" -" Add a new non-POSIX group:\n" -" ipa group-add --nonposix --desc='remote administrators' remoteadmins\n" -"\n" -" Convert a non-POSIX group to posix:\n" -" ipa group-mod --posix remoteadmins\n" -"\n" -" Add a new POSIX group with a specific Group ID number:\n" -" ipa group-add --gid=500 --desc='unix admins' unixadmins\n" -"\n" -" Add a new POSIX group and let IPA assign a Group ID number:\n" -" ipa group-add --desc='printer admins' printeradmins\n" -"\n" -" Remove a group:\n" -" ipa group-del unixadmins\n" -"\n" -" To add the \"remoteadmins\" group to the \"localadmins\" group:\n" -" ipa group-add-member --groups=remoteadmins localadmins\n" -"\n" -" Add multiple users to the \"localadmins\" group:\n" -" ipa group-add-member --users=test1 --users=test2 localadmins\n" -"\n" -" To add Kerberos services to the \"printer admins\" group:\n" -" ipa group-add-member --services=CUPS/some.host printeradmins\n" -"\n" -" Remove a user from the \"localadmins\" group:\n" -" ipa group-remove-member --users=test2 localadmins\n" -"\n" -" Display information about a named group.\n" -" ipa group-show localadmins\n" -"\n" -"Group membership managers are users or groups that can add members to a\n" -"group or remove members from a group.\n" -"\n" -" Allow user \"test2\" to add or remove members from group \"localadmins\":\n" -" ipa group-add-member-manager --users=test2 localadmins\n" -"\n" -" Revoke membership management rights for user \"test2\" from \"localadmins" -"\":\n" -" ipa group-remove-member-manager --users=test2 localadmins\n" -"\n" -"External group membership is designed to allow users from trusted domains\n" -"to be mapped to local POSIX groups in order to actually use IPA resources.\n" -"External members should be added to groups that specifically created as\n" -"external and non-POSIX. Such group later should be included into one of " -"POSIX\n" -"groups.\n" -"\n" -"An external group member is currently a Security Identifier (SID) as defined " -"by\n" -"the trusted domain. When adding external group members, it is possible to\n" -"specify them in either SID, or DOM\\name, or name@domain format. IPA will " -"attempt\n" -"to resolve passed name to SID with the use of Global Catalog of the trusted " -"domain.\n" -"\n" -"Example:\n" -"\n" -"1. Create group for the trusted domain admins' mapping and their local POSIX " -"group:\n" -"\n" -" ipa group-add --desc=' admins external map' ad_admins_external " -"--external\n" -" ipa group-add --desc=' admins' ad_admins\n" -"\n" -"2. Add security identifier of Domain Admins of the to the " -"ad_admins_external\n" -" group:\n" -"\n" -" ipa group-add-member ad_admins_external --external 'AD\\Domain Admins'\n" -"\n" -"3. Allow members of ad_admins_external group to be associated with ad_admins " -"POSIX group:\n" -"\n" -" ipa group-add-member ad_admins --groups ad_admins_external\n" -"\n" -"4. List members of external members of ad_admins_external group to see their " -"SIDs:\n" -"\n" -" ipa group-show ad_admins_external\n" +"Manage Certificate Authorities\n" msgstr "" -#: ipaserver/plugins/group.py:195 -msgid "groups" +#: ipaserver/plugins/ca.py:22 +msgid "" +"\n" +"Subordinate Certificate Authorities (Sub-CAs) can be added for scoped " +"issuance\n" +"of X.509 certificates.\n" msgstr "" -#: ipaserver/plugins/group.py:328 -msgid "User Group" +#: ipaserver/plugins/ca.py:25 +msgid "" +"\n" +"CAs are enabled on creation, but their use is subject to CA ACLs unless the\n" +"operator has permission to bypass CA ACLs.\n" msgstr "" -#: ipaserver/plugins/group.py:360 +#: ipaserver/plugins/ca.py:28 +msgid "" +"\n" +"All CAs except the 'IPA' CA can be disabled or re-enabled. Disabling a CA\n" +"prevents it from issuing certificates but does not affect the validity of " +"its\n" +"certificate.\n" +msgstr "" + +#: ipaserver/plugins/ca.py:32 +msgid "" +"\n" +"CAs (all except the 'IPA' CA) can be deleted. Deleting a CA causes its " +"signing\n" +"certificate to be revoked and its private key deleted.\n" +msgstr "" + +#: ipaserver/plugins/ca.py:37 +msgid "" +"\n" +" Create new CA, subordinate to the IPA CA (requires permission\n" +" \"System: Add CA\"):\n" +"\n" +" ipa ca-add puppet --desc \"Puppet\" \\\n" +" --subject \"CN=Puppet CA,O=EXAMPLE.COM\"\n" +msgstr "" + +#: ipaserver/plugins/ca.py:43 +msgid "" +"\n" +" Disable a CA (requires permission \"System: Modify CA\"):\n" +"\n" +" ipa ca-disable puppet\n" +msgstr "" + +#: ipaserver/plugins/ca.py:47 +msgid "" +"\n" +" Re-enable a CA (requires permission \"System: Modify CA\"):\n" +"\n" +" ipa ca-enable puppet\n" +msgstr "" + +#: ipaserver/plugins/ca.py:51 +msgid "" +"\n" +" Delete a CA (requires permission \"System: Delete CA\"; also requires\n" +" CA to be disabled first):\n" +"\n" +" ipa ca-del puppet\n" +msgstr "" + +#: ipaserver/plugins/ca.py:68 ipaserver/plugins/ca.py:78 +msgid "Certificate Authority" +msgstr "" + +#: ipaserver/plugins/ca.py:69 ipaserver/plugins/ca.py:77 +msgid "Certificate Authorities" +msgstr "" + +#: ipaserver/plugins/ca.py:85 +msgid "Name for referencing the CA" +msgstr "" + +#: ipaserver/plugins/ca.py:90 +msgid "Description of the purpose of the CA" +msgstr "" + +#: ipaserver/plugins/ca.py:94 +msgid "Authority ID" +msgstr "" + +#: ipaserver/plugins/ca.py:95 +msgid "Dogtag Authority ID" +msgstr "" + +#: ipaserver/plugins/ca.py:100 ipaserver/plugins/ca.py:286 +msgid "Subject DN" +msgstr "" + +#: ipaserver/plugins/ca.py:101 +msgid "Subject Distinguished Name" +msgstr "" + +#: ipaserver/plugins/ca.py:107 +msgid "Issuer Distinguished Name" +msgstr "" + +#: ipaserver/plugins/ca.py:218 +msgid "Search for CAs." +msgstr "" + +#: ipaserver/plugins/ca.py:220 #, python-format -msgid "Added group \"%(value)s\"" -msgstr "" - -#: ipaserver/plugins/group.py:383 -msgid "gid cannot be set for external group" -msgstr "" - -#: ipaserver/plugins/group.py:395 -#, python-format -msgid "Deleted group \"%(value)s\"" -msgstr "" - -#: ipaserver/plugins/group.py:409 -msgid "privileged group" -msgstr "" - -#: ipaserver/plugins/group.py:442 -#, python-format -msgid "Modified group \"%(value)s\"" -msgstr "" - -#: ipaserver/plugins/group.py:517 -#, python-format -msgid "%(count)d group matched" -msgid_plural "%(count)d groups matched" +msgid "%(count)d CA matched" +msgid_plural "%(count)d CAs matched" msgstr[0] "" msgstr[1] "" -#: ipaserver/plugins/group.py:716 -#, python-format -msgid "Detached group \"%(value)s\" from user \"%(value)s\"" -msgstr "" - -#: ipaserver/plugins/group.py:741 -msgid "not allowed to modify user entries" -msgstr "" - -#: ipaserver/plugins/group.py:752 -msgid "not allowed to modify group entries" -msgstr "" - -#: ipaserver/plugins/group.py:772 -msgid "Not a managed group" -msgstr "" - -#: ipaserver/plugins/group.py:794 -msgid "Add users that can manage members of this group." -msgstr "" - -#: ipaserver/plugins/group.py:802 -msgid "Remove users that can manage members of this group." -msgstr "" - -#: ipaserver/plugins/hbacrule.py:108 -msgid "The deny type has been deprecated." -msgstr "" - -#: ipaserver/plugins/hbacrule.py:131 -msgid "HBAC rules" -msgstr "" - -#: ipaserver/plugins/hbacrule.py:201 -msgid "HBAC Rules" -msgstr "" - -#: ipaserver/plugins/hbacrule.py:302 -#, python-format -msgid "Added HBAC rule \"%(value)s\"" -msgstr "" - -#: ipaserver/plugins/hbacrule.py:316 -#, python-format -msgid "Deleted HBAC rule \"%(value)s\"" -msgstr "" - -#: ipaserver/plugins/hbacrule.py:333 -#, python-format -msgid "Modified HBAC rule \"%(value)s\"" -msgstr "" - -#: ipaserver/plugins/hbacrule.py:368 -#, python-format -msgid "%(count)d HBAC rule matched" -msgid_plural "%(count)d HBAC rules matched" -msgstr[0] "" -msgstr[1] "" - -#: ipaserver/plugins/hbacrule.py:383 -#, python-format -msgid "Enabled HBAC rule \"%(value)s\"" -msgstr "" - -#: ipaserver/plugins/hbacrule.py:413 -#, python-format -msgid "Disabled HBAC rule \"%(value)s\"" -msgstr "" - -#: ipaserver/plugins/hbacrule.py:447 ipaserver/plugins/hbacrule.py:478 -msgid "Access time" -msgstr "" - -#: ipaserver/plugins/hbacrule.py:565 -msgid "Add source hosts and hostgroups to an HBAC rule." -msgstr "" - -#: ipaserver/plugins/idrange.py:43 -msgid "" -"=======\n" -"WARNING:\n" -"\n" -"DNA plugin in 389-ds will allocate IDs based on the ranges configured for " -"the\n" -"local domain. Currently the DNA plugin *cannot* be reconfigured itself " -"based\n" -"on the local ranges set via this family of commands.\n" -"\n" -"Manual configuration change has to be done in the DNA plugin configuration " -"for\n" -"the new local range. Specifically, The dnaNextRange attribute of 'cn=Posix\n" -"IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config' has to " -"be\n" -"modified to match the new range.\n" -"=======\n" -msgstr "" - -#: ipaserver/plugins/idrange.py:57 -msgid "" -"\n" -"ID ranges\n" -"\n" -"Manage ID ranges used to map Posix IDs to SIDs and back.\n" -"\n" -"There are two type of ID ranges which are both handled by this utility:\n" -"\n" -" - the ID ranges of the local domain\n" -" - the ID ranges of trusted remote domains\n" -"\n" -"Both types have the following attributes in common:\n" -"\n" -" - base-id: the first ID of the Posix ID range\n" -" - range-size: the size of the range\n" -"\n" -"With those two attributes a range object can reserve the Posix IDs starting\n" -"with base-id up to but not including base-id+range-size exclusively.\n" -"\n" -"Additionally an ID range of the local domain may set\n" -" - rid-base: the first RID(*) of the corresponding RID range\n" -" - secondary-rid-base: first RID of the secondary RID range\n" -"\n" -"and an ID range of a trusted domain must set\n" -" - rid-base: the first RID of the corresponding RID range\n" -" - sid: domain SID of the trusted domain\n" -"\n" -"\n" -"\n" -"EXAMPLE: Add a new ID range for a trusted domain\n" -"\n" -"Since there might be more than one trusted domain the domain SID must be " -"given\n" -"while creating the ID range.\n" -"\n" -" ipa idrange-add --base-id=1200000 --range-size=200000 --rid-base=0 \\\n" -" --dom-sid=S-1-5-21-123-456-789 trusted_dom_range\n" -"\n" -"This ID range is then used by the IPA server and the SSSD IPA provider to\n" -"assign Posix UIDs to users from the trusted domain.\n" -"\n" -"If e.g. a range for a trusted domain is configured with the following " -"values:\n" -" base-id = 1200000\n" -" range-size = 200000\n" -" rid-base = 0\n" -"the RIDs 0 to 199999 are mapped to the Posix ID from 1200000 to 13999999. " -"So\n" -"RID 1000 <-> Posix ID 1201000\n" -"\n" -"\n" -"\n" -"EXAMPLE: Add a new ID range for the local domain\n" -"\n" -"To create an ID range for the local domain it is not necessary to specify a\n" -"domain SID. But since it is possible that a user and a group can have the " -"same\n" -"value as Posix ID a second RID interval is needed to handle conflicts.\n" -"\n" -" ipa idrange-add --base-id=1200000 --range-size=200000 --rid-base=1000 \\\n" -" --secondary-rid-base=1000000 local_range\n" -"\n" -"The data from the ID ranges of the local domain are used by the IPA server\n" -"internally to assign SIDs to IPA users and groups. The SID will then be " -"stored\n" -"in the user or group objects.\n" -"\n" -"If e.g. the ID range for the local domain is configured with the values " -"from\n" -"the example above then a new user with the UID 1200007 will get the RID " -"1007.\n" -"If this RID is already used by a group the RID will be 1000007. This can " -"only\n" -"happen if a user or a group object was created with a fixed ID because the\n" -"automatic assignment will not assign the same ID twice. Since there are " -"only\n" -"users and groups sharing the same ID namespace it is sufficient to have " -"only\n" -"one fallback range to handle conflicts.\n" -"\n" -"To find the Posix ID for a given RID from the local domain it has to be\n" -"checked first if the RID falls in the primary or secondary RID range and\n" -"the rid-base or the secondary-rid-base has to be subtracted, respectively,\n" -"and the base-id has to be added to get the Posix ID.\n" -"\n" -"Typically the creation of ID ranges happens behind the scenes and this CLI\n" -"must not be used at all. The ID range for the local domain will be created\n" -"during installation or upgrade from an older version. The ID range for a\n" -"trusted domain will be created together with the trust by 'ipa trust-" -"add ...'.\n" -"\n" -"USE CASES:\n" -"\n" -" Add an ID range from a transitively trusted domain\n" -"\n" -" If the trusted domain (A) trusts another domain (B) as well and this " -"trust\n" -" is transitive 'ipa trust-add domain-A' will only create a range for\n" -" domain A. The ID range for domain B must be added manually.\n" -"\n" -" Add an additional ID range for the local domain\n" -"\n" -" If the ID range of the local domain is exhausted, i.e. no new IDs can " -"be\n" -" assigned to Posix users or groups by the DNA plugin, a new range has to " -"be\n" -" created to allow new users and groups to be added. (Currently there is " -"no\n" -" connection between this range CLI and the DNA plugin, but a future " -"version\n" -" might be able to modify the configuration of the DNS plugin as well)\n" -"\n" -"In general it is not necessary to modify or delete ID ranges. If there is " -"no\n" -"other way to achieve a certain configuration than to modify or delete an ID\n" -"range it should be done with great care. Because UIDs are stored in the " -"file\n" -"system and are used for access control it might be possible that users are\n" -"allowed to access files of other users if an ID range got deleted and " -"reused\n" -"for a different domain.\n" -"\n" -"(*) The RID is typically the last integer of a user or group SID which " -"follows\n" -"the domain SID. E.g. if the domain SID is S-1-5-21-123-456-789 and a user " -"from\n" -"this domain has the SID S-1-5-21-123-456-789-1010 then 1010 is the RID of " -"the\n" -"user. RIDs are unique in a domain, 32bit values and are used for users and\n" -"groups.\n" -"\n" -msgstr "" - -#: ipaserver/plugins/idrange.py:198 -msgid "ID Ranges" -msgstr "" - -#: ipaserver/plugins/idrange.py:199 -msgid "ID Range" -msgstr "" - -#: ipaserver/plugins/idrange.py:203 -msgid "local domain range" -msgstr "" - -#: ipaserver/plugins/idrange.py:246 -msgid "ID range type, one of allowed values" -msgstr "" - -#: ipaserver/plugins/idrange.py:321 -msgid "" -"range modification leaving objects with ID out of the defined range is not " -"allowed" -msgstr "" - -#: ipaserver/plugins/idrange.py:326 -msgid "" -"Cannot perform SID validation without Samba 4 support installed. Make sure " -"you have installed server-trust-ad sub-package of IPA on the server" -msgstr "" - -#: ipaserver/plugins/idrange.py:333 -msgid "" -"Cross-realm trusts are not configured. Make sure you have run ipa-adtrust-" -"install on the IPA server first" -msgstr "" - -#: ipaserver/plugins/idrange.py:345 -msgid "SID is not recognized as a valid SID for a trusted domain" -msgstr "" - -#: ipaserver/plugins/idrange.py:382 -msgid "" -"\n" -" Add new ID range.\n" -"\n" -" To add a new ID range you always have to specify\n" -"\n" -" --base-id\n" -" --range-size\n" -"\n" -" Additionally\n" -"\n" -" --rid-base\n" -" --secondary-rid-base\n" -"\n" -" may be given for a new ID range for the local domain while\n" -"\n" -" --rid-base\n" -" --dom-sid\n" -"\n" -" must be given to add a new range for a trusted AD domain.\n" -"\n" -msgstr "" - -#: ipaserver/plugins/idrange.py:404 -#, python-format -msgid "Added ID range \"%(value)s\"" -msgstr "" - -#: ipaserver/plugins/idrange.py:416 ipaserver/plugins/idrange.py:666 -msgid "Options dom-sid and dom-name cannot be used together" -msgstr "" - -#: ipaserver/plugins/idrange.py:427 -msgid "Specified trusted domain name could not be found." -msgstr "" - -#: ipaserver/plugins/idrange.py:442 -msgid "Options dom-sid/dom-name and rid-base must be used together" -msgstr "" - -#: ipaserver/plugins/idrange.py:449 ipaserver/plugins/idrange.py:701 -msgid "" -"Option rid-base must not be used when IPA range type is ipa-ad-trust-posix" -msgstr "" - -#: ipaserver/plugins/idrange.py:456 -msgid "" -"IPA Range type must be one of ipa-ad-trust or ipa-ad-trust-posix when SID of " -"the trusted domain is specified" -msgstr "" - -#: ipaserver/plugins/idrange.py:462 -msgid "Options dom-sid/dom-name and secondary-rid-base cannot be used together" -msgstr "" - -#: ipaserver/plugins/idrange.py:481 -msgid "" -"IPA Range type must not be one of ipa-ad-trust or ipa-ad-trust-posix when " -"SID of the trusted domain is not specified." -msgstr "" - -#: ipaserver/plugins/idrange.py:488 ipaserver/plugins/idrange.py:720 -msgid "Options secondary-rid-base and rid-base must be used together" -msgstr "" - -#: ipaserver/plugins/idrange.py:498 ipaserver/plugins/idrange.py:743 -msgid "Primary RID range and secondary RID range cannot overlap" -msgstr "" - -#: ipaserver/plugins/idrange.py:510 -msgid "" -"You must specify both rid-base and secondary-rid-base options, because ipa-" -"adtrust-install has already been run." -msgstr "" - -#: ipaserver/plugins/idrange.py:529 -#, python-format -msgid "Deleted ID range \"%(value)s\"" -msgstr "" - -#: ipaserver/plugins/idrange.py:578 -#, python-format -msgid "%(count)d range matched" -msgid_plural "%(count)d ranges matched" -msgstr[0] "" -msgstr[1] "" - -#: ipaserver/plugins/idrange.py:614 -msgid "" -"Modify ID range.\n" -"\n" -msgstr "" - -#: ipaserver/plugins/idrange.py:618 -#, python-format -msgid "Modified ID range \"%(value)s\"" -msgstr "" - -#: ipaserver/plugins/idrange.py:650 -msgid "" -"This command can not be used to change ID allocation for local IPA domain. " -"Run `ipa help idrange` for more information" -msgstr "" - -#: ipaserver/plugins/idrange.py:678 -msgid "" -"SID for the specified trusted domain name could not be found. Please specify " -"the SID directly using dom-sid option." -msgstr "" - -#: ipaserver/plugins/idrange.py:685 -msgid "Options dom-sid and secondary-rid-base cannot be used together" -msgstr "" - -#: ipaserver/plugins/idrange.py:692 -msgid "Options dom-sid and rid-base must be used together" -msgstr "" - -#: ipaserver/plugins/sudo.py:7 -msgid "commands for controlling sudo configuration" -msgstr "" - -#: ipaserver/plugins/sudocmd.py:33 -msgid "" -"\n" -"Sudo Commands\n" -"\n" -"Commands used as building blocks for sudo\n" -"\n" -"EXAMPLES:\n" -"\n" -" Create a new command\n" -" ipa sudocmd-add --desc='For reading log files' /usr/bin/less\n" -"\n" -" Remove a command\n" -" ipa sudocmd-del /usr/bin/less\n" -"\n" -msgstr "" - -#: ipaserver/plugins/sudocmd.py:58 -msgid "sudo command" -msgstr "" - -#: ipaserver/plugins/sudocmd.py:59 -msgid "sudo commands" -msgstr "" - -#: ipaserver/plugins/sudocmd.py:111 -msgid "Sudo Commands" -msgstr "" - -#: ipaserver/plugins/sudocmd.py:148 -#, python-format -msgid "Added Sudo Command \"%(value)s\"" -msgstr "" - -#: ipaserver/plugins/sudocmd.py:155 -#, python-format -msgid "Deleted Sudo Command \"%(value)s\"" -msgstr "" - -#: ipaserver/plugins/sudocmd.py:188 -#, python-format -msgid "Modified Sudo Command \"%(value)s\"" -msgstr "" - -#: ipaserver/plugins/sudocmd.py:196 -#, python-format -msgid "%(count)d Sudo Command matched" -msgid_plural "%(count)d Sudo Commands matched" -msgstr[0] "" -msgstr[1] "" - -#: ipaserver/plugins/sudocmdgroup.py:34 -msgid "" -"\n" -"Groups of Sudo Commands\n" -"\n" -"Manage groups of Sudo Commands.\n" -"\n" -"EXAMPLES:\n" -"\n" -" Add a new Sudo Command Group:\n" -" ipa sudocmdgroup-add --desc='administrators commands' admincmds\n" -"\n" -" Remove a Sudo Command Group:\n" -" ipa sudocmdgroup-del admincmds\n" -"\n" -" Manage Sudo Command Group membership, commands:\n" -" ipa sudocmdgroup-add-member --sudocmds=/usr/bin/less --sudocmds=/usr/bin/" -"vim admincmds\n" -"\n" -" Manage Sudo Command Group membership, commands:\n" -" ipa sudocmdgroup-remove-member --sudocmds=/usr/bin/less admincmds\n" -"\n" -" Show a Sudo Command Group:\n" -" ipa sudocmdgroup-show admincmds\n" -msgstr "" - -#: ipaserver/plugins/sudocmdgroup.py:67 -msgid "sudo command group" -msgstr "" - -#: ipaserver/plugins/sudocmdgroup.py:68 -msgid "sudo command groups" -msgstr "" - -#: ipaserver/plugins/sudocmdgroup.py:149 -#, python-format -msgid "Added Sudo Command Group \"%(value)s\"" -msgstr "" - -#: ipaserver/plugins/sudocmdgroup.py:157 -#, python-format -msgid "Deleted Sudo Command Group \"%(value)s\"" -msgstr "" - -#: ipaserver/plugins/sudocmdgroup.py:165 -#, python-format -msgid "Modified Sudo Command Group \"%(value)s\"" -msgstr "" - -#: ipaserver/plugins/sudocmdgroup.py:174 -#, python-format -msgid "%(count)d Sudo Command Group matched" -msgid_plural "%(count)d Sudo Command Groups matched" -msgstr[0] "" -msgstr[1] "" - -#: ipaserver/plugins/user.py:163 ipaserver/plugins/sudorule.py:428 -msgid "users" -msgstr "" - -#: ipaserver/plugins/user.py:492 -#, python-format -msgid "Added user \"%(value)s\"" -msgstr "" - -#: ipaserver/plugins/user.py:588 ipaserver/plugins/migration.py:804 -msgid "Default group for new users not found" -msgstr "" - -#: ipaserver/plugins/user.py:591 -msgid "Default group for new users is not POSIX" -msgstr "" - -#: ipaserver/plugins/user.py:680 -#, python-format -msgid "Deleted user \"%(value)s\"" -msgstr "" - -#: ipaserver/plugins/user.py:698 -#, python-format -msgid "%s: user is already preserved" -msgstr "" - -#: ipaserver/plugins/user.py:809 -#, python-format -msgid "Modified user \"%(value)s\"" -msgstr "" - -#: ipaserver/plugins/user.py:920 -#, python-format -msgid "Undeleted user account \"%(value)s\"" -msgstr "" - -#: ipaserver/plugins/user.py:934 -#, python-format -msgid "user \"%s\" is already active" -msgstr "" - -#: ipaserver/plugins/user.py:965 -#, python-format -msgid "Staged user account \"%(value)s\"" -msgstr "" - -#: ipaserver/plugins/user.py:1059 -#, python-format -msgid "Disabled user account \"%(value)s\"" -msgstr "" - -#: ipaserver/plugins/user.py:1081 -#, python-format -msgid "Enabled user account \"%(value)s\"" -msgstr "" - -#: ipaserver/plugins/user.py:1098 -msgid "" -"\n" -" Unlock a user account\n" -"\n" -" An account may become locked if the password is entered incorrectly too\n" -" many times within a specific time period as controlled by password\n" -" policy. A locked account is a temporary condition and may be unlocked " -"by\n" -" an administrator." -msgstr "" - -#: ipaserver/plugins/user.py:1107 -#, python-format -msgid "Unlocked account \"%(value)s\"" -msgstr "" - -#: ipaserver/plugins/user.py:1139 -msgid "Failed logins" -msgstr "" - -#: ipaserver/plugins/user.py:1143 -msgid "Last successful authentication" -msgstr "" - -#: ipaserver/plugins/user.py:1147 -msgid "Last failed authentication" -msgstr "" - -#: ipaserver/plugins/user.py:1151 -msgid "Time now" -msgstr "" - -#: ipaserver/plugins/user.py:1159 -msgid "" -"\n" -" Lockout status of a user account\n" -"\n" -" An account may become locked if the password is entered incorrectly too\n" -" many times within a specific time period as controlled by password\n" -" policy. A locked account is a temporary condition and may be unlocked " -"by\n" -" an administrator.\n" -"\n" -" This connects to each IPA master and displays the lockout status on\n" -" each one.\n" -"\n" -" To determine whether an account is locked on a given server you need\n" -" to compare the number of failed logins and the time of the last " -"failure.\n" -" For an account to be locked it must exceed the maxfail failures within\n" -" the failinterval duration as specified in the password policy " -"associated\n" -" with the user.\n" -"\n" -" The failed login counter is modified only when a user attempts a log in\n" -" so it is possible that an account may appear locked but the last failed\n" -" login attempt is older than the lockouttime of the password policy. " -"This\n" -" means that the user may attempt a login again. " -msgstr "" - -#: ipaserver/plugins/user.py:1213 -#, python-format -msgid "%(host)s failed: %(error)s" -msgstr "" - -#: ipaserver/plugins/user.py:1251 -#, python-format -msgid "%(host)s failed" -msgstr "" - -#: ipaserver/plugins/user.py:1261 -#, python-format -msgid "Account disabled: %(disabled)s" -msgstr "" - -#: ipaserver/plugins/user.py:1269 -#, python-format -msgid "Added certificates to user \"%(value)s\"" -msgstr "" - -#: ipaserver/plugins/user.py:1275 -#, python-format -msgid "Removed certificates from user \"%(value)s\"" -msgstr "" - -#: ipaserver/plugins/user.py:1280 ipaserver/plugins/baseuser.py:945 -msgid "Add one or more certificate mappings to the user entry." -msgstr "" - -#: ipaserver/plugins/user.py:1285 ipaserver/plugins/baseuser.py:964 -msgid "Remove one or more certificate mappings from the user entry." -msgstr "" - -#: ipaserver/plugins/user.py:1300 -msgid "Add new principal alias to the user entry" -msgstr "" - -#: ipaserver/plugins/user.py:1301 -#, python-format -msgid "Added new aliases to user \"%(value)s\"" -msgstr "" - -#: ipaserver/plugins/user.py:1306 -msgid "Remove principal alias from the user entry" -msgstr "" - -#: ipaserver/plugins/user.py:1307 -#, python-format -msgid "Removed aliases from user \"%(value)s\"" -msgstr "" - -#: ipaserver/plugins/cert.py:69 -msgid "" -"\n" -"IPA certificate operations\n" -msgstr "" - -#: ipaserver/plugins/cert.py:71 -msgid "" -"\n" -"Implements a set of commands for managing server SSL certificates.\n" -msgstr "" - -#: ipaserver/plugins/cert.py:73 -msgid "" -"\n" -"Certificate requests exist in the form of a Certificate Signing Request " -"(CSR)\n" -"in PEM format.\n" -msgstr "" - -#: ipaserver/plugins/cert.py:76 -msgid "" -"\n" -"The dogtag CA uses just the CN value of the CSR and forces the rest of the\n" -"subject to values configured in the server.\n" -msgstr "" - -#: ipaserver/plugins/cert.py:79 -msgid "" -"\n" -"A certificate is stored with a service principal and a service principal\n" -"needs a host.\n" -msgstr "" - -#: ipaserver/plugins/cert.py:82 -msgid "" -"\n" -"In order to request a certificate:\n" -msgstr "" - -#: ipaserver/plugins/cert.py:84 -msgid "" -"\n" -"* The host must exist\n" -"* The service must exist (or you use the --add option to automatically add " -"it)\n" -msgstr "" - -#: ipaserver/plugins/cert.py:87 -msgid "" -"\n" -"SEARCHING:\n" -msgstr "" - -#: ipaserver/plugins/cert.py:89 -msgid "" -"\n" -"Certificates may be searched on by certificate subject, serial number,\n" -"revocation reason, validity dates and the issued date.\n" -msgstr "" - -#: ipaserver/plugins/cert.py:92 -msgid "" -"\n" -"When searching on dates the _from date does a >= search and the _to date\n" -"does a <= search. When combined these are done as an AND.\n" -msgstr "" - -#: ipaserver/plugins/cert.py:95 -msgid "" -"\n" -"Dates are treated as GMT to match the dates in the certificates.\n" -msgstr "" - -#: ipaserver/plugins/cert.py:97 -msgid "" -"\n" -"The date format is YYYY-mm-dd.\n" -msgstr "" - -#: ipaserver/plugins/cert.py:101 -msgid "" -"\n" -" Request a new certificate and add the principal:\n" -" ipa cert-request --add --principal=HTTP/lion.example.com example.csr\n" -msgstr "" - -#: ipaserver/plugins/cert.py:104 -msgid "" -"\n" -" Retrieve an existing certificate:\n" -" ipa cert-show 1032\n" -msgstr "" - -#: ipaserver/plugins/cert.py:107 -msgid "" -"\n" -" Revoke a certificate (see RFC 5280 for reason details):\n" -" ipa cert-revoke --revocation-reason=6 1032\n" -msgstr "" - -#: ipaserver/plugins/cert.py:110 -msgid "" -"\n" -" Remove a certificate from revocation hold status:\n" -" ipa cert-remove-hold 1032\n" -msgstr "" - -#: ipaserver/plugins/cert.py:113 -msgid "" -"\n" -" Check the status of a signing request:\n" -" ipa cert-status 10\n" -msgstr "" - -#: ipaserver/plugins/cert.py:116 -msgid "" -"\n" -" Search for certificates by hostname:\n" -" ipa cert-find --subject=ipaserver.example.com\n" -msgstr "" - -#: ipaserver/plugins/cert.py:119 -msgid "" -"\n" -" Search for revoked certificates by reason:\n" -" ipa cert-find --revocation-reason=5\n" -msgstr "" - -#: ipaserver/plugins/cert.py:122 -msgid "" -"\n" -" Search for certificates based on issuance date\n" -" ipa cert-find --issuedon-from=2013-02-01 --issuedon-to=2013-02-07\n" +#: ipaserver/plugins/ca.py:243 +msgid "Display the properties of a CA." msgstr "" -#: ipaserver/plugins/cert.py:125 -msgid "" -"\n" -" Search for certificates owned by a specific user:\n" -" ipa cert-find --user=user\n" +#: ipaserver/plugins/ca.py:260 +msgid "Create a CA." msgstr "" -#: ipaserver/plugins/cert.py:128 -msgid "" -"\n" -" Examine a certificate:\n" -" ipa cert-find --file=cert.pem --all\n" -msgstr "" - -#: ipaserver/plugins/cert.py:131 -msgid "" -"\n" -" Verify that a certificate is owned by a specific user:\n" -" ipa cert-find --file=cert.pem --user=user\n" -msgstr "" - -#: ipaserver/plugins/cert.py:134 -msgid "" -"\n" -"IPA currently immediately issues (or declines) all certificate requests so\n" -"the status of a request is not normally useful. This is for future use\n" -"or the case where a CA does not immediately issue a certificate.\n" -msgstr "" - -#: ipaserver/plugins/cert.py:138 -msgid "" -"\n" -"The following revocation reasons are supported:\n" -"\n" -msgstr "" - -#: ipaserver/plugins/cert.py:141 -msgid " * 0 - unspecified\n" -msgstr "" - -#: ipaserver/plugins/cert.py:142 -msgid " * 1 - keyCompromise\n" -msgstr "" - -#: ipaserver/plugins/cert.py:143 -msgid " * 2 - cACompromise\n" -msgstr "" - -#: ipaserver/plugins/cert.py:144 -msgid " * 3 - affiliationChanged\n" -msgstr "" - -#: ipaserver/plugins/cert.py:145 -msgid " * 4 - superseded\n" -msgstr "" - -#: ipaserver/plugins/cert.py:146 -msgid " * 5 - cessationOfOperation\n" -msgstr "" - -#: ipaserver/plugins/cert.py:147 -msgid " * 6 - certificateHold\n" -msgstr "" - -#: ipaserver/plugins/cert.py:148 -msgid " * 8 - removeFromCRL\n" -msgstr "" - -#: ipaserver/plugins/cert.py:149 -msgid " * 9 - privilegeWithdrawn\n" -msgstr "" - -#: ipaserver/plugins/cert.py:150 -msgid " * 10 - aACompromise\n" -msgstr "" - -#: ipaserver/plugins/cert.py:151 -msgid "" -"\n" -"Note that reason code 7 is not used. See RFC 5280 for more details:\n" -msgstr "" - -#: ipaserver/plugins/cert.py:153 -msgid "" -"\n" -"http://www.ietf.org/rfc/rfc5280.txt\n" -"\n" -msgstr "" - -#: ipaserver/plugins/cert.py:283 ipaserver/plugins/certprofile.py:86 -msgid "CA is not configured" -msgstr "" - -#: ipaserver/plugins/cert.py:289 -#, python-format -msgid "" -"Principal '%(principal)s' is not permitted to use CA '%(ca)s' with profile " -"'%(profile_id)s' for certificate issuance." -msgstr "" - -#: ipaserver/plugins/cert.py:309 -msgid "enabledService/configuredService not in ipaConfigString kdc entry" -msgstr "" - -#: ipaserver/plugins/cert.py:313 -#, python-format -msgid "Host '%(hostname)s' is not an active KDC" -msgstr "" - -#: ipaserver/plugins/cert.py:347 -msgid "Issuing CA" -msgstr "" - -#: ipaserver/plugins/cert.py:348 -msgid "Name of issuing CA" -msgstr "" - -#: ipaserver/plugins/cert.py:365 ipaserver/plugins/cert.py:1502 -#: ipaserver/plugins/internal.py:653 ipaserver/plugins/internal.py:729 -#: ipaserver/plugins/baseuser.py:831 ipaserver/plugins/service.py:497 -#: ipaserver/plugins/host.py:506 -msgid "Subject" -msgstr "" - -#: ipaserver/plugins/cert.py:370 -msgid "Subject email address" -msgstr "" - -#: ipaserver/plugins/cert.py:375 -msgid "Subject DNS name" -msgstr "" - -#: ipaserver/plugins/cert.py:380 -msgid "Subject X.400 address" -msgstr "" - -#: ipaserver/plugins/cert.py:385 -msgid "Subject directory name" -msgstr "" - -#: ipaserver/plugins/cert.py:390 -msgid "Subject EDI Party name" -msgstr "" - -#: ipaserver/plugins/cert.py:395 -msgid "Subject URI" -msgstr "" - -#: ipaserver/plugins/cert.py:400 -msgid "Subject IP Address" -msgstr "" - -#: ipaserver/plugins/cert.py:405 -msgid "Subject OID" -msgstr "" - -#: ipaserver/plugins/cert.py:410 -msgid "Subject UPN" -msgstr "" - -#: ipaserver/plugins/cert.py:415 -msgid "Subject Kerberos principal name" -msgstr "" - -#: ipaserver/plugins/cert.py:420 -msgid "Subject Other Name" -msgstr "" - -#: ipaserver/plugins/cert.py:425 ipaserver/plugins/internal.py:726 -#: ipaserver/plugins/baseuser.py:824 ipaserver/plugins/service.py:509 -#: ipaserver/plugins/host.py:518 -msgid "Issuer" -msgstr "" - -#: ipaserver/plugins/cert.py:431 ipaserver/plugins/service.py:513 -#: ipaserver/plugins/host.py:522 -msgid "Not Before" -msgstr "" - -#: ipaserver/plugins/cert.py:436 ipaserver/plugins/service.py:517 -#: ipaserver/plugins/host.py:526 -msgid "Not After" -msgstr "" - -#: ipaserver/plugins/cert.py:441 ipaserver/plugins/service.py:521 -#: ipaserver/plugins/host.py:530 -msgid "Fingerprint (SHA1)" -msgstr "" - -#: ipaserver/plugins/cert.py:446 ipaserver/plugins/service.py:525 -#: ipaserver/plugins/host.py:534 -msgid "Fingerprint (SHA256)" -msgstr "" - -#: ipaserver/plugins/cert.py:458 -msgid "Serial number (hex)" -msgstr "" - -#: ipaserver/plugins/cert.py:584 -msgid "Request status" -msgstr "" - -#: ipaserver/plugins/cert.py:630 -msgid "" -"automatically add the principal if it doesn't exist (service principals only)" -msgstr "" - -#: ipaserver/plugins/cert.py:679 -#, python-format -msgid "krbtgt certs can use only the %s profile" -msgstr "" - -#: ipaserver/plugins/cert.py:731 -msgid "No Common Name was found in subject of request." -msgstr "" - -#: ipaserver/plugins/cert.py:739 -#, python-format -msgid "" -"hostname in subject of request '%(cn)s' does not match name or aliases of " -"principal '%(principal)s'" -msgstr "" - -#: ipaserver/plugins/cert.py:745 -#, python-format -msgid "" -"hostname in subject of request '%(cn)s' does not match principal hostname " -"'%(hostname)s'" -msgstr "" - -#: ipaserver/plugins/cert.py:754 -msgid "DN commonName does not match user's login" -msgstr "" - -#: ipaserver/plugins/cert.py:768 -msgid "DN emailAddress does not match any of user's email addresses" -msgstr "" - -#: ipaserver/plugins/cert.py:777 -#, python-format -msgid "" -"Insufficient 'write' privilege to the 'userCertificate' attribute of entry " -"'%s'." -msgstr "" - -#: ipaserver/plugins/cert.py:798 ipaserver/plugins/cert.py:916 -#, python-format -msgid "subject alt name type %s is forbidden for user principals" -msgstr "" - -#: ipaserver/plugins/cert.py:843 -#, python-format -msgid "" -"The service principal for subject alt name %s in certificate request does " -"not exist" -msgstr "" - -#: ipaserver/plugins/cert.py:874 -#, python-format -msgid "" -"Insufficient privilege to create a certificate with subject alt name '%s'." -msgstr "" - -#: ipaserver/plugins/cert.py:892 -#, python-format -msgid "Principal '%s' in subject alt name does not match requested principal" -msgstr "" - -#: ipaserver/plugins/cert.py:901 -msgid "RFC822Name does not match any of user's email addresses" -msgstr "" - -#: ipaserver/plugins/cert.py:908 -#, python-format -msgid "subject alt name type %s is forbidden for non-user principals" -msgstr "" - -#: ipaserver/plugins/cert.py:925 -#, python-format -msgid "Subject alt name type %s is forbidden" -msgstr "" - -#: ipaserver/plugins/cert.py:943 -#, python-format -msgid "CA '%s' is disabled" -msgstr "" - -#: ipaserver/plugins/cert.py:1030 -msgid "'add' option" -msgstr "" - -#: ipaserver/plugins/cert.py:1150 -#, python-format -msgid "IP address in subjectAltName (%s) unreachable from DNS names" -msgstr "" - -#: ipaserver/plugins/cert.py:1167 -#, python-format -msgid "IP address in subjectAltName (%s) does not have PTR record" -msgstr "" - -#: ipaserver/plugins/cert.py:1179 -#, python-format -msgid "PTR record for SAN IP (%s) does not match A/AAAA records" -msgstr "" - -#: ipaserver/plugins/cert.py:1273 ipaserver/plugins/internal.py:700 -#: ipaserver/plugins/internal.py:1030 ipaserver/plugins/internal.py:1332 -#: ipaserver/plugins/internal.py:1916 -msgid "Status" -msgstr "" - -#: ipaserver/plugins/cert.py:1278 -msgid "Revoked" -msgstr "" - -#: ipaserver/plugins/cert.py:1283 ipaserver/plugins/internal.py:650 -#: ipaserver/plugins/internal.py:691 ipaserver/plugins/service.py:529 -#: ipaserver/plugins/host.py:538 -msgid "Revocation reason" -msgstr "" - -#: ipaserver/plugins/cert.py:1284 -msgid "" -"Reason for revoking the certificate (0-10). Type \"ipa help cert\" for " -"revocation reason details. " -msgstr "" - -#: ipaserver/plugins/cert.py:1306 -#, python-format -msgid "Owner %s" -msgstr "" - -#: ipaserver/plugins/cert.py:1393 -#, python-format -msgid "" -"Certificate with serial number %(serial)s issued by CA '%(ca)s' not found" -msgstr "" - -#: ipaserver/plugins/cert.py:1462 -msgid "7 is not a valid revocation reason" -msgstr "" - -#: ipaserver/plugins/cert.py:1564 -msgid "Results should contain primary key attribute only (\"certificate\")" -msgstr "" - -#: ipaserver/plugins/cert.py:1580 -#, python-format -msgid "%(count)d certificate matched" -msgid_plural "%(count)d certificates matched" -msgstr[0] "" -msgstr[1] "" - -#: ipaserver/plugins/cert.py:1602 -#, python-format -msgid "Search for certificates with these owner %s." -msgstr "" - -#: ipaserver/plugins/cert.py:1613 -#, python-format -msgid "Search for certificates without these owner %s." -msgstr "" - -#: ipaserver/plugins/whoami.py:15 -msgid "" -"\n" -"Return information about currently authenticated identity\n" -"\n" -"Who am I command returns information on how to get\n" -"more details about the identity authenticated for this\n" -"request. The information includes:\n" -"\n" -" * type of object\n" -" * command to retrieve details of the object\n" -" * arguments and options to pass to the command\n" -"\n" -"The information is returned as a dictionary. Examples below use\n" -"'key: value' output for illustrative purposes.\n" -"\n" -"EXAMPLES:\n" -"\n" -" Look up as IPA user:\n" -" kinit admin\n" -" ipa console\n" -" >> api.Command.whoami()\n" -" ------------------------------------------\n" -" object: user\n" -" command: user_show/1\n" -" arguments: admin\n" -" ------------------------------------------\n" -"\n" -" Look up as a user from a trusted domain:\n" -" kinit user@AD.DOMAIN\n" -" ipa console\n" -" >> api.Command.whoami()\n" -" ------------------------------------------\n" -" object: idoverrideuser\n" -" command: idoverrideuser_show/1\n" -" arguments: ('default trust view', 'user@ad.domain')\n" -" ------------------------------------------\n" -"\n" -" Look up as a host:\n" -" kinit -k\n" -" ipa console\n" -" >> api.Command.whoami()\n" -" ------------------------------------------\n" -" object: host\n" -" command: host_show/1\n" -" arguments: ipa.example.com\n" -" ------------------------------------------\n" -"\n" -" Look up as a Kerberos service:\n" -" kinit -k -t /path/to/keytab HTTP/ipa.example.com\n" -" ipa console\n" -" >> api.Command.whoami()\n" -" ------------------------------------------\n" -" object: service\n" -" command: service_show/1\n" -" arguments: HTTP/ipa.example.com\n" -" ------------------------------------------\n" -msgstr "" - -#: ipaserver/plugins/whoami.py:77 -msgid "Describe currently authenticated identity." -msgstr "" - -#: ipaserver/plugins/whoami.py:82 ipaserver/plugins/whoami.py:88 -msgid "Object class name" -msgstr "" - -#: ipaserver/plugins/whoami.py:83 ipaserver/plugins/whoami.py:89 -msgid "Function to get details" -msgstr "" - -#: ipaserver/plugins/whoami.py:84 ipaserver/plugins/whoami.py:91 -msgid "Arguments to details function" -msgstr "" - -#: ipaserver/plugins/whoami.py:111 -msgid "Cannot query Directory Manager with API" -msgstr "" - -#: ipaserver/plugins/idviews.py:72 ipaserver/plugins/idviews.py:123 -#: ipaserver/plugins/idviews.py:131 ipaserver/plugins/idviews.py:351 -#: ipaserver/plugins/idviews.py:803 -msgid "ID View" -msgstr "" - -#: ipaserver/plugins/idviews.py:74 -msgid "system ID View" -msgstr "" - -#: ipaserver/plugins/idviews.py:124 ipaserver/plugins/idviews.py:130 -msgid "ID Views" -msgstr "" - -#: ipaserver/plugins/idviews.py:145 -msgid "User object overrides" -msgstr "" - -#: ipaserver/plugins/idviews.py:149 -msgid "Group object overrides" -msgstr "" - -#: ipaserver/plugins/idviews.py:153 -msgid "Hosts the view applies to" -msgstr "" - -#: ipaserver/plugins/idviews.py:196 -#, python-format -msgid "Added ID View \"%(value)s\"" -msgstr "" - -#: ipaserver/plugins/idviews.py:213 -#, python-format -msgid "Deleted ID View \"%(value)s\"" -msgstr "" - -#: ipaserver/plugins/idviews.py:226 -#, python-format -msgid "Modified an ID View \"%(value)s\"" -msgstr "" - -#: ipaserver/plugins/idviews.py:242 -#, python-format -msgid "%(count)d ID View matched" -msgid_plural "%(count)d ID Views matched" -msgstr[0] "" -msgstr[1] "" - -#: ipaserver/plugins/idviews.py:352 -msgid "Default Trust View cannot be applied on hosts" -msgstr "" - -#: ipaserver/plugins/idviews.py:380 ipaserver/plugins/idviews.py:413 -msgid "not found" -msgstr "" - -#: ipaserver/plugins/idviews.py:394 -msgid "ID View cannot be applied to IPA master" -msgstr "" - -#: ipaserver/plugins/idviews.py:411 -msgid "ID View already applied" -msgstr "" - -#: ipaserver/plugins/idviews.py:431 -msgid "value" -msgstr "" - -#: ipaserver/plugins/idviews.py:444 -#, python-format -msgid "ID View applied to %i host." -msgstr "" - -#: ipaserver/plugins/idviews.py:445 -#, python-format -msgid "ID View applied to %i hosts." -msgstr "" - -#: ipaserver/plugins/idviews.py:487 -#, python-format -msgid "ID View cleared from %i host." -msgstr "" - -#: ipaserver/plugins/idviews.py:488 -#, python-format -msgid "ID View cleared from %i hosts." -msgstr "" - -#: ipaserver/plugins/idviews.py:556 -msgid "" -"You are trying to reference a magic private group which is not allowed to be " -"overridden. Try overriding the GID attribute of the corresponding user " -"instead." -msgstr "" - -#: ipaserver/plugins/idviews.py:594 -msgid "IPA object" -msgstr "" - -#: ipaserver/plugins/idviews.py:595 -msgid "" -"system IPA objects (e.g. system groups, user private groups) cannot be " -"overridden" -msgstr "" - -#: ipaserver/plugins/idviews.py:689 +#: ipaserver/plugins/ca.py:261 #, python-format -msgid "Anchor '%(anchor)s' could not be resolved." -msgstr "" - -#: ipaserver/plugins/idviews.py:804 -msgid "Default Trust View cannot contain IPA users" -msgstr "" - -#: ipaserver/plugins/idviews.py:848 -msgid "Add a new ID override." +msgid "Created CA \"%(value)s\"" msgstr "" -#: ipaserver/plugins/idviews.py:849 +#: ipaserver/plugins/ca.py:271 #, python-format -msgid "Added ID override \"%(value)s\"" -msgstr "" - -#: ipaserver/plugins/idviews.py:864 -msgid "Delete an ID override." +msgid "Insufficient 'add' privilege for entry '%s'." msgstr "" -#: ipaserver/plugins/idviews.py:865 +#: ipaserver/plugins/ca.py:287 #, python-format -msgid "Deleted ID override \"%(value)s\"" -msgstr "" - -#: ipaserver/plugins/idviews.py:888 -msgid "Modify an ID override." +msgid "Unrecognized attributes: %(attrs)s" msgstr "" -#: ipaserver/plugins/idviews.py:889 +#: ipaserver/plugins/ca.py:302 #, python-format -msgid "Modified an ID override \"%(value)s\"" -msgstr "" - -#: ipaserver/plugins/idviews.py:896 -msgid "ID override" -msgstr "" - -#: ipaserver/plugins/idviews.py:897 -msgid "ID overrides cannot be renamed" +msgid "Subject DN is already used by CA '%s'" msgstr "" -#: ipaserver/plugins/idviews.py:909 -msgid "Search for an ID override." +#: ipaserver/plugins/ca.py:326 +msgid "Delete a CA (must be disabled first)." msgstr "" -#: ipaserver/plugins/idviews.py:910 +#: ipaserver/plugins/ca.py:328 #, python-format -msgid "%(count)d ID override matched" -msgid_plural "%(count)d ID overrides matched" -msgstr[0] "" -msgstr[1] "" - -#: ipaserver/plugins/idviews.py:922 -msgid "Display information about an ID override." +msgid "Deleted CA \"%(value)s\"" msgstr "" -#: ipaserver/plugins/idviews.py:934 ipaserver/plugins/idviews.py:938 -msgid "User ID override" +#: ipaserver/plugins/ca.py:337 +msgid "Insufficient privilege to delete a CA." msgstr "" -#: ipaserver/plugins/idviews.py:935 ipaserver/plugins/idviews.py:937 -msgid "User ID overrides" +#: ipaserver/plugins/ca.py:341 ipaserver/plugins/ca.py:350 +#: ipaserver/plugins/ca.py:369 ipaserver/plugins/ca.py:409 +#: ipaserver/plugins/internal.py:636 +msgid "CA" msgstr "" -#: ipaserver/plugins/idviews.py:1057 ipaserver/plugins/idviews.py:1061 -msgid "Group ID override" +#: ipaserver/plugins/ca.py:343 +msgid "IPA CA cannot be deleted" msgstr "" -#: ipaserver/plugins/idviews.py:1058 ipaserver/plugins/idviews.py:1060 -msgid "Group ID overrides" +#: ipaserver/plugins/ca.py:352 +msgid "Must be disabled first" msgstr "" -#: ipaserver/plugins/idviews.py:1102 -msgid "Add one or more certificates to the idoverrideuser entry" +#: ipaserver/plugins/ca.py:360 +msgid "Modify CA configuration." msgstr "" -#: ipaserver/plugins/idviews.py:1103 +#: ipaserver/plugins/ca.py:361 #, python-format -msgid "Added certificates to idoverrideuser \"%(value)s\"" +msgid "Modified CA \"%(value)s\"" msgstr "" -#: ipaserver/plugins/idviews.py:1125 -msgid "Remove one or more certificates to the idoverrideuser entry" +#: ipaserver/plugins/ca.py:387 +msgid "Insufficient privilege to modify a CA." msgstr "" -#: ipaserver/plugins/idviews.py:1126 -#, python-format -msgid "Removed certificates from idoverrideuser \"%(value)s\"" -msgstr "" - -#: ipaserver/plugins/idviews.py:1150 -#, python-format -msgid "Added User ID override \"%(value)s\"" -msgstr "" - -#: ipaserver/plugins/idviews.py:1175 -#, python-format -msgid "Deleted User ID override \"%(value)s\"" -msgstr "" - -#: ipaserver/plugins/idviews.py:1181 -#, python-format -msgid "Modified an User ID override \"%(value)s\"" +#: ipaserver/plugins/ca.py:403 +msgid "Disable a CA." msgstr "" -#: ipaserver/plugins/idviews.py:1213 -#, python-format -msgid "%(count)d User ID override matched" -msgid_plural "%(count)d User ID overrides matched" -msgstr[0] "" -msgstr[1] "" - -#: ipaserver/plugins/idviews.py:1249 +#: ipaserver/plugins/ca.py:404 #, python-format -msgid "Added Group ID override \"%(value)s\"" +msgid "Disabled CA \"%(value)s\"" msgstr "" -#: ipaserver/plugins/idviews.py:1255 -#, python-format -msgid "Deleted Group ID override \"%(value)s\"" +#: ipaserver/plugins/ca.py:411 +msgid "IPA CA cannot be disabled" msgstr "" -#: ipaserver/plugins/idviews.py:1261 -#, python-format -msgid "Modified an Group ID override \"%(value)s\"" +#: ipaserver/plugins/ca.py:421 +msgid "Enable a CA." msgstr "" -#: ipaserver/plugins/idviews.py:1267 -#, python-format -msgid "%(count)d Group ID override matched" -msgid_plural "%(count)d Group ID overrides matched" -msgstr[0] "" -msgstr[1] "" - -#: ipaserver/plugins/join.py:125 +#: ipaserver/plugins/ca.py:422 #, python-format -msgid "" -"Insufficient 'write' privilege to the 'krbLastPwdChange' attribute of entry " -"'%s'." +msgid "Enabled CA \"%(value)s\"" msgstr "" #: ipaserver/plugins/internal.py:151 @@ -20610,16 +20995,6 @@ msgstr "" msgid "REVOKED" msgstr "" -#: ipaserver/plugins/internal.py:696 ipaserver/plugins/service.py:501 -#: ipaserver/plugins/host.py:510 -msgid "Serial Number" -msgstr "" - -#: ipaserver/plugins/internal.py:697 ipaserver/plugins/service.py:505 -#: ipaserver/plugins/host.py:514 -msgid "Serial Number (hex)" -msgstr "" - #: ipaserver/plugins/internal.py:698 msgid "SHA1 Fingerprint" msgstr "" @@ -20715,10 +21090,6 @@ msgstr "" msgid "Remove certificate identity mapping rules" msgstr "" -#: ipaserver/plugins/internal.py:730 ipaserver/plugins/schema.py:153 -msgid "Version" -msgstr "" - #: ipaserver/plugins/internal.py:733 msgid "Group Options" msgstr "" @@ -21600,11 +21971,6 @@ msgstr "" msgid "Un-apply ID view '${primary_key}' from hosts" msgstr "" -#: ipaserver/plugins/internal.py:1136 ipaserver/plugins/krbtpolicy.py:128 -#: ipaserver/plugins/krbtpolicy.py:129 -msgid "Kerberos Ticket Policy" -msgstr "" - #: ipaserver/plugins/internal.py:1139 msgid "Add netgroup" msgstr "" @@ -21639,11 +22005,6 @@ msgstr "" msgid "Add users into netgroup '${primary_key}'" msgstr "" -#: ipaserver/plugins/internal.py:1161 ipaserver/plugins/internal.py:1282 -#: ipaserver/plugins/host.py:451 -msgid "Host" -msgstr "" - #: ipaserver/plugins/internal.py:1164 msgid "Netgroup Settings" msgstr "" @@ -21869,11 +22230,6 @@ msgstr "" msgid "Remove RADIUS servers" msgstr "" -#: ipaserver/plugins/internal.py:1259 ipaserver/plugins/realmdomains.py:107 -#: ipaserver/plugins/realmdomains.py:108 -msgid "Realm Domains" -msgstr "" - #: ipaserver/plugins/internal.py:1260 msgid "Check DNS" msgstr "" @@ -22386,6 +22742,18 @@ msgstr "" msgid "Remove domains" msgstr "" +#: ipaserver/plugins/internal.py:1527 ipaserver/plugins/trust.py:556 +msgid "Trust direction" +msgstr "" + +#: ipaserver/plugins/internal.py:1528 ipaserver/plugins/trust.py:564 +msgid "Trust status" +msgstr "" + +#: ipaserver/plugins/internal.py:1529 ipaserver/plugins/trust.py:560 +msgid "Trust type" +msgstr "" + #: ipaserver/plugins/internal.py:1530 msgid "Alternative UPN suffixes" msgstr "" @@ -23007,11 +23375,6 @@ msgstr "" msgid "Identity" msgstr "" -#: ipaserver/plugins/internal.py:1928 ipaserver/plugins/location.py:157 -#: ipaserver/plugins/server.py:71 -msgid "IPA Server" -msgstr "" - #: ipaserver/plugins/internal.py:1929 msgid "Network Services" msgstr "" @@ -23032,6 +23395,10 @@ msgstr "" msgid "Topology" msgstr "" +#: ipaserver/plugins/internal.py:1934 ipaserver/plugins/trust.py:530 +msgid "Trusts" +msgstr "" + #: ipaserver/plugins/internal.py:1936 msgid "True" msgstr "" @@ -23162,2062 +23529,6 @@ msgstr "" msgid "Unsupported value" msgstr "" -#: ipaserver/plugins/selfservice.py:68 -msgid "self service permission" -msgstr "" - -#: ipaserver/plugins/selfservice.py:69 -msgid "self service permissions" -msgstr "" - -#: ipaserver/plugins/selfservice.py:70 -msgid "Self Service Permissions" -msgstr "" - -#: ipaserver/plugins/selfservice.py:71 -msgid "Self Service Permission" -msgstr "" - -#: ipaserver/plugins/selfservice.py:94 ipaserver/plugins/aci.py:514 -#: ipaserver/plugins/delegation.py:101 ipaserver/plugins/permission.py:359 -msgid "ACI" -msgstr "" - -#: ipaserver/plugins/selfservice.py:124 -#, python-format -msgid "Added selfservice \"%(value)s\"" -msgstr "" - -#: ipaserver/plugins/selfservice.py:146 -#, python-format -msgid "Deleted selfservice \"%(value)s\"" -msgstr "" - -#: ipaserver/plugins/selfservice.py:163 -#, python-format -msgid "Modified selfservice \"%(value)s\"" -msgstr "" - -#: ipaserver/plugins/selfservice.py:185 -#, python-format -msgid "%(count)d selfservice matched" -msgid_plural "%(count)d selfservices matched" -msgstr[0] "" -msgstr[1] "" - -#: ipaserver/plugins/serverrole.py:13 -msgid "" -"\n" -"IPA server roles\n" -msgstr "" - -#: ipaserver/plugins/serverrole.py:15 -msgid "" -"\n" -"Get status of roles (DNS server, CA, etc.) provided by IPA masters.\n" -msgstr "" - -#: ipaserver/plugins/serverrole.py:17 -msgid "" -"\n" -"The status of a role is either enabled, configured, or absent.\n" -msgstr "" - -#: ipaserver/plugins/serverrole.py:21 -msgid "" -"\n" -" Show status of 'DNS server' role on a server:\n" -" ipa server-role-show ipa.example.com \"DNS server\"\n" -msgstr "" - -#: ipaserver/plugins/serverrole.py:24 -msgid "" -"\n" -" Show status of all roles containing 'AD' on a server:\n" -" ipa server-role-find --server ipa.example.com --role=\"AD trust " -"controller\"\n" -msgstr "" - -#: ipaserver/plugins/serverrole.py:27 -msgid "" -"\n" -" Show status of all configured roles on a server:\n" -" ipa server-role-find ipa.example.com\n" -msgstr "" - -#: ipaserver/plugins/serverrole.py:30 -msgid "" -"\n" -" Show implicit IPA master role:\n" -" ipa server-role-find --include-master\n" -msgstr "" - -#: ipaserver/plugins/serverrole.py:46 -msgid "server role" -msgstr "" - -#: ipaserver/plugins/serverrole.py:47 -msgid "server roles" -msgstr "" - -#: ipaserver/plugins/serverrole.py:51 -msgid "IPA Server Roles" -msgstr "" - -#: ipaserver/plugins/serverrole.py:52 -msgid "IPA Server Role" -msgstr "" - -#: ipaserver/plugins/serverrole.py:65 -msgid "IPA server role name" -msgstr "" - -#: ipaserver/plugins/serverrole.py:71 -msgid "Role status" -msgstr "" - -#: ipaserver/plugins/serverrole.py:72 -msgid "Status of the role" -msgstr "" - -#: ipaserver/plugins/serverrole.py:89 -msgid "Show role status on a server" -msgstr "" - -#: ipaserver/plugins/serverrole.py:113 -msgid "Find a server role on a server(s)" -msgstr "" - -#: ipaserver/plugins/serverrole.py:118 -#, python-format -msgid "%(count)s server role matched" -msgid_plural "%(count)s server roles matched" -msgstr[0] "" -msgstr[1] "" - -#: ipaserver/plugins/serverrole.py:139 -msgid "Include IPA master entries" -msgstr "" - -#: ipaserver/plugins/serverrole.py:186 ipaserver/plugins/role.py:82 -msgid "roles" -msgstr "" - -#: ipaserver/plugins/serverrole.py:192 -msgid "IPA role name" -msgstr "" - -#: ipaserver/plugins/krbtpolicy.py:86 -msgid "kerberos ticket policy settings" -msgstr "" - -#: ipaserver/plugins/krbtpolicy.py:152 -msgid "OTP max life" -msgstr "" - -#: ipaserver/plugins/krbtpolicy.py:153 -msgid "OTP token maximum ticket life (seconds)" -msgstr "" - -#: ipaserver/plugins/krbtpolicy.py:157 -msgid "OTP max renew" -msgstr "" - -#: ipaserver/plugins/krbtpolicy.py:158 -msgid "OTP token ticket maximum renewable age (seconds)" -msgstr "" - -#: ipaserver/plugins/krbtpolicy.py:162 -msgid "RADIUS max life" -msgstr "" - -#: ipaserver/plugins/krbtpolicy.py:163 -msgid "RADIUS maximum ticket life (seconds)" -msgstr "" - -#: ipaserver/plugins/krbtpolicy.py:167 -msgid "RADIUS max renew" -msgstr "" - -#: ipaserver/plugins/krbtpolicy.py:168 -msgid "RADIUS ticket maximum renewable age (seconds)" -msgstr "" - -#: ipaserver/plugins/krbtpolicy.py:172 -msgid "PKINIT max life" -msgstr "" - -#: ipaserver/plugins/krbtpolicy.py:173 -msgid "PKINIT maximum ticket life (seconds)" -msgstr "" - -#: ipaserver/plugins/krbtpolicy.py:177 -msgid "PKINIT max renew" -msgstr "" - -#: ipaserver/plugins/krbtpolicy.py:178 -msgid "PKINIT ticket maximum renewable age (seconds)" -msgstr "" - -#: ipaserver/plugins/krbtpolicy.py:182 -msgid "Hardened max life" -msgstr "" - -#: ipaserver/plugins/krbtpolicy.py:183 -msgid "Hardened ticket maximum ticket life (seconds)" -msgstr "" - -#: ipaserver/plugins/krbtpolicy.py:187 -msgid "Hardened max renew" -msgstr "" - -#: ipaserver/plugins/krbtpolicy.py:188 -msgid "Hardened ticket maximum renewable age (seconds)" -msgstr "" - -#: ipaserver/plugins/krbtpolicy.py:272 -#, python-format -msgid "Ticket policy for %s could not be read" -msgstr "" - -#: ipaserver/plugins/krbtpolicy.py:292 -msgid "Default ticket policy could not be read" -msgstr "" - -#: ipaserver/plugins/ldap2.py:270 -msgid "Could not read UPG Definition originfilter. Check your permissions." -msgstr "" - -#: ipaserver/plugins/location.py:33 -msgid "" -"\n" -"IPA locations\n" -msgstr "" - -#: ipaserver/plugins/location.py:35 -msgid "" -"\n" -"Manipulate DNS locations\n" -msgstr "" - -#: ipaserver/plugins/location.py:39 -msgid "" -"\n" -" Find all locations:\n" -" ipa location-find\n" -msgstr "" - -#: ipaserver/plugins/location.py:42 -msgid "" -"\n" -" Show specific location:\n" -" ipa location-show location\n" -msgstr "" - -#: ipaserver/plugins/location.py:45 -msgid "" -"\n" -" Add location:\n" -" ipa location-add location --description 'My location'\n" -msgstr "" - -#: ipaserver/plugins/location.py:48 -msgid "" -"\n" -" Delete location:\n" -" ipa location-del location\n" -msgstr "" - -#: ipaserver/plugins/location.py:62 -msgid "location" -msgstr "" - -#: ipaserver/plugins/location.py:63 -msgid "locations" -msgstr "" - -#: ipaserver/plugins/location.py:69 -msgid "IPA Locations" -msgstr "" - -#: ipaserver/plugins/location.py:70 -msgid "IPA Location" -msgstr "" - -#: ipaserver/plugins/location.py:103 -msgid "Location name" -msgstr "" - -#: ipaserver/plugins/location.py:104 -msgid "IPA location name" -msgstr "" - -#: ipaserver/plugins/location.py:112 -msgid "IPA Location description" -msgstr "" - -#: ipaserver/plugins/location.py:116 -msgid "Servers" -msgstr "" - -#: ipaserver/plugins/location.py:117 -msgid "Servers that belongs to the IPA location" -msgstr "" - -#: ipaserver/plugins/location.py:122 -msgid "Advertised by servers" -msgstr "" - -#: ipaserver/plugins/location.py:123 -msgid "List of servers which advertise the given location" -msgstr "" - -#: ipaserver/plugins/location.py:138 -msgid "Add a new IPA location." -msgstr "" - -#: ipaserver/plugins/location.py:140 -#, python-format -msgid "Added IPA location \"%(value)s\"" -msgstr "" - -#: ipaserver/plugins/location.py:145 -msgid "Delete an IPA location." -msgstr "" - -#: ipaserver/plugins/location.py:147 -#, python-format -msgid "Deleted IPA location \"%(value)s\"" -msgstr "" - -#: ipaserver/plugins/location.py:170 -msgid "Modify information about an IPA location." -msgstr "" - -#: ipaserver/plugins/location.py:172 -#, python-format -msgid "Modified IPA location \"%(value)s\"" -msgstr "" - -#: ipaserver/plugins/location.py:177 -msgid "Search for IPA locations." -msgstr "" - -#: ipaserver/plugins/location.py:180 -#, python-format -msgid "%(count)d IPA location matched" -msgid_plural "%(count)d IPA locations matched" -msgstr[0] "" -msgstr[1] "" - -#: ipaserver/plugins/location.py:187 -msgid "Display information about an IPA location." -msgstr "" - -#: ipaserver/plugins/location.py:193 -msgid "Servers in location" -msgstr "" - -#: ipaserver/plugins/selinuxusermap.py:89 -msgid "HBAC rule and local members cannot both be set" -msgstr "" - -#: ipaserver/plugins/selinuxusermap.py:128 -msgid "Invalid SELinux user name, must match {}" -msgstr "" - -#: ipaserver/plugins/selinuxusermap.py:142 -#, python-brace-format -msgid "Invalid MLS value, must match {mls}, where max level {mls_max}" -msgstr "" - -#: ipaserver/plugins/selinuxusermap.py:147 -#, python-brace-format -msgid "Invalid MCS value, must match {mcs}, where max category {mcs_max}" -msgstr "" - -#: ipaserver/plugins/selinuxusermap.py:161 -msgid "SELinux user map list not found in configuration" -msgstr "" - -#: ipaserver/plugins/selinuxusermap.py:166 -#, python-format -msgid "SELinux user %(user)s not found in ordering list (in config)" -msgstr "" - -#: ipaserver/plugins/selinuxusermap.py:176 -msgid "SELinux User Map rule" -msgstr "" - -#: ipaserver/plugins/selinuxusermap.py:177 -msgid "SELinux User Map rules" -msgstr "" - -#: ipaserver/plugins/selinuxusermap.py:233 -msgid "SELinux User Maps" -msgstr "" - -#: ipaserver/plugins/selinuxusermap.py:234 -msgid "SELinux User Map" -msgstr "" - -#: ipaserver/plugins/selinuxusermap.py:309 -#, python-format -msgid "HBAC rule %(rule)s not found" -msgstr "" - -#: ipaserver/plugins/selinuxusermap.py:330 -#, python-format -msgid "Added SELinux User Map \"%(value)s\"" -msgstr "" - -#: ipaserver/plugins/selinuxusermap.py:368 -#, python-format -msgid "Deleted SELinux User Map \"%(value)s\"" -msgstr "" - -#: ipaserver/plugins/selinuxusermap.py:376 -#, python-format -msgid "Modified SELinux User Map \"%(value)s\"" -msgstr "" - -#: ipaserver/plugins/selinuxusermap.py:449 -#, python-format -msgid "%(count)d SELinux User Map matched" -msgid_plural "%(count)d SELinux User Maps matched" -msgstr[0] "" -msgstr[1] "" - -#: ipaserver/plugins/selinuxusermap.py:491 -#, python-format -msgid "Enabled SELinux User Map \"%(value)s\"" -msgstr "" - -#: ipaserver/plugins/selinuxusermap.py:521 -#, python-format -msgid "Disabled SELinux User Map \"%(value)s\"" -msgstr "" - -#: ipaserver/plugins/topology.py:24 -msgid "" -"\n" -"Topology\n" -"\n" -"Management of a replication topology at domain level 1.\n" -msgstr "" - -#: ipaserver/plugins/topology.py:28 -msgid "" -"\n" -"IPA server's data is stored in LDAP server in two suffixes:\n" -"* domain suffix, e.g., 'dc=example,dc=com', contains all domain related " -"data\n" -"* ca suffix, 'o=ipaca', is present only on server with CA installed. It\n" -" contains data for Certificate Server component\n" -msgstr "" - -#: ipaserver/plugins/topology.py:33 -msgid "" -"\n" -"Data stored on IPA servers is replicated to other IPA servers. The way it " -"is\n" -"replicated is defined by replication agreements. Replication agreements " -"needs\n" -"to be set for both suffixes separately. On domain level 0 they are managed\n" -"using ipa-replica-manage and ipa-csreplica-manage tools. With domain level " -"1\n" -"they are managed centrally using `ipa topology*` commands.\n" -msgstr "" - -#: ipaserver/plugins/topology.py:39 -msgid "" -"\n" -"Agreements are represented by topology segments. By default topology " -"segment\n" -"represents 2 replication agreements - one for each direction, e.g., A to B " -"and\n" -"B to A. Creation of unidirectional segments is not allowed.\n" -msgstr "" - -#: ipaserver/plugins/topology.py:43 -msgid "" -"\n" -"To verify that no server is disconnected in the topology of the given " -"suffix,\n" -"use:\n" -" ipa topologysuffix-verify $suffix\n" -msgstr "" - -#: ipaserver/plugins/topology.py:47 -msgid "" -"\n" -"\n" -"Examples:\n" -" Find all IPA servers:\n" -" ipa server-find\n" -msgstr "" - -#: ipaserver/plugins/topology.py:52 -msgid "" -"\n" -" Find all suffixes:\n" -" ipa topologysuffix-find\n" -msgstr "" - -#: ipaserver/plugins/topology.py:55 -msgid "" -"\n" -" Add topology segment to 'domain' suffix:\n" -" ipa topologysegment-add domain --left IPA_SERVER_A --right IPA_SERVER_B\n" -msgstr "" - -#: ipaserver/plugins/topology.py:58 -msgid "" -"\n" -" Add topology segment to 'ca' suffix:\n" -" ipa topologysegment-add ca --left IPA_SERVER_A --right IPA_SERVER_B\n" -msgstr "" - -#: ipaserver/plugins/topology.py:61 -msgid "" -"\n" -" List all topology segments in 'domain' suffix:\n" -" ipa topologysegment-find domain\n" -msgstr "" - -#: ipaserver/plugins/topology.py:64 -msgid "" -"\n" -" List all topology segments in 'ca' suffix:\n" -" ipa topologysegment-find ca\n" -msgstr "" - -#: ipaserver/plugins/topology.py:67 -msgid "" -"\n" -" Delete topology segment in 'domain' suffix:\n" -" ipa topologysegment-del domain segment_name\n" -msgstr "" - -#: ipaserver/plugins/topology.py:70 -msgid "" -"\n" -" Delete topology segment in 'ca' suffix:\n" -" ipa topologysegment-del ca segment_name\n" -msgstr "" - -#: ipaserver/plugins/topology.py:73 -msgid "" -"\n" -" Verify topology of 'domain' suffix:\n" -" ipa topologysuffix-verify domain\n" -msgstr "" - -#: ipaserver/plugins/topology.py:76 -msgid "" -"\n" -" Verify topology of 'ca' suffix:\n" -" ipa topologysuffix-verify ca\n" -msgstr "" - -#: ipaserver/plugins/topology.py:92 -#, python-brace-format -msgid "Topology management requires minimum domain level {0} " -msgstr "" - -#: ipaserver/plugins/topology.py:104 -msgid "segment" -msgstr "" - -#: ipaserver/plugins/topology.py:105 -msgid "segments" -msgstr "" - -#: ipaserver/plugins/topology.py:119 -msgid "Topology Segments" -msgstr "" - -#: ipaserver/plugins/topology.py:120 -msgid "Topology Segment" -msgstr "" - -#: ipaserver/plugins/topology.py:226 -#, python-format -msgid "left node is not a topology node: %(leftnode)s" -msgstr "" - -#: ipaserver/plugins/topology.py:233 -#, python-format -msgid "right node is not a topology node: %(rightnode)s" -msgstr "" - -#: ipaserver/plugins/topology.py:250 -msgid "left node and right node must not be the same" -msgstr "" - -#: ipaserver/plugins/topology.py:261 -#, python-brace-format -msgid "left node ({host}) does not support suffix '{suff}'" -msgstr "" - -#: ipaserver/plugins/topology.py:269 -#, python-brace-format -msgid "right node ({host}) does not support suffix '{suff}'" -msgstr "" - -#: ipaserver/plugins/topology.py:280 -#, python-format -msgid "%(count)d segment matched" -msgid_plural "%(count)d segments matched" -msgstr[0] "" -msgstr[1] "" - -#: ipaserver/plugins/topology.py:289 -#, python-format -msgid "Added segment \"%(value)s\"" -msgstr "" - -#: ipaserver/plugins/topology.py:302 -#, python-format -msgid "Deleted segment \"%(value)s\"" -msgstr "" - -#: ipaserver/plugins/topology.py:314 -#, python-format -msgid "Modified segment \"%(value)s\"" -msgstr "" - -#: ipaserver/plugins/topology.py:329 -#, python-format -msgid "%(value)s" -msgstr "" - -#: ipaserver/plugins/topology.py:365 -msgid "left or right node has to be specified" -msgstr "" - -#: ipaserver/plugins/topology.py:370 -msgid "only one node can be specified" -msgstr "" - -#: ipaserver/plugins/topology.py:374 -#, python-format -msgid "Replication refresh for segment: \"%(pkey)s\" requested." -msgstr "" - -#: ipaserver/plugins/topology.py:377 -#, python-format -msgid "Stopping of replication refresh for segment: \"%(pkey)s\" requested." -msgstr "" - -#: ipaserver/plugins/topology.py:408 -msgid "suffixes" -msgstr "" - -#: ipaserver/plugins/topology.py:412 -msgid "Topology suffixes" -msgstr "" - -#: ipaserver/plugins/topology.py:413 -msgid "Topology suffix" -msgstr "" - -#: ipaserver/plugins/topology.py:435 -#, python-format -msgid "%(count)d topology suffix matched" -msgid_plural "%(count)d topology suffixes matched" -msgstr[0] "" -msgstr[1] "" - -#: ipaserver/plugins/topology.py:446 -#, python-format -msgid "Deleted topology suffix \"%(value)s\"" -msgstr "" - -#: ipaserver/plugins/topology.py:460 -#, python-format -msgid "Added topology suffix \"%(value)s\"" -msgstr "" - -#: ipaserver/plugins/topology.py:474 -#, python-format -msgid "Modified topology suffix \"%(value)s\"" -msgstr "" - -#: ipaserver/plugins/topology.py:489 -msgid "" -"\n" -"Verify replication topology for suffix.\n" -"\n" -"Checks done:\n" -" 1. check if a topology is not disconnected. In other words if there are\n" -" replication paths between all servers.\n" -" 2. check if servers don't have more than the recommended number of\n" -" replication agreements\n" -msgstr "" - -#: ipaserver/plugins/vault.py:54 -msgid "" -"\n" -"Vaults\n" -msgstr "" - -#: ipaserver/plugins/vault.py:56 -msgid "" -"\n" -"Manage vaults.\n" -msgstr "" - -#: ipaserver/plugins/vault.py:58 -msgid "" -"\n" -"Vault is a secure place to store a secret. One vault can only\n" -"store one secret. When archiving a secret in a vault, the\n" -"existing secret (if any) is overwritten.\n" -msgstr "" - -#: ipaserver/plugins/vault.py:62 -msgid "" -"\n" -"Based on the ownership there are three vault categories:\n" -"* user/private vault\n" -"* service vault\n" -"* shared vault\n" -msgstr "" - -#: ipaserver/plugins/vault.py:67 -msgid "" -"\n" -"User vaults are vaults owned used by a particular user. Private\n" -"vaults are vaults owned the current user. Service vaults are\n" -"vaults owned by a service. Shared vaults are owned by the admin\n" -"but they can be used by other users or services.\n" -msgstr "" - -#: ipaserver/plugins/vault.py:72 -msgid "" -"\n" -"Based on the security mechanism there are three types of\n" -"vaults:\n" -"* standard vault\n" -"* symmetric vault\n" -"* asymmetric vault\n" -msgstr "" - -#: ipaserver/plugins/vault.py:78 -msgid "" -"\n" -"Standard vault uses a secure mechanism to transport and\n" -"store the secret. The secret can only be retrieved by users\n" -"that have access to the vault.\n" -msgstr "" - -#: ipaserver/plugins/vault.py:82 -msgid "" -"\n" -"Symmetric vault is similar to the standard vault, but it\n" -"pre-encrypts the secret using a password before transport.\n" -"The secret can only be retrieved using the same password.\n" -msgstr "" - -#: ipaserver/plugins/vault.py:86 -msgid "" -"\n" -"Asymmetric vault is similar to the standard vault, but it\n" -"pre-encrypts the secret using a public key before transport.\n" -"The secret can only be retrieved using the private key.\n" -msgstr "" - -#: ipaserver/plugins/vault.py:92 -msgid "" -"\n" -" List vaults:\n" -" ipa vault-find\n" -" [--user |--service |--shared]\n" -msgstr "" - -#: ipaserver/plugins/vault.py:96 -msgid "" -"\n" -" Add a standard vault:\n" -" ipa vault-add \n" -" [--user |--service |--shared]\n" -" --type standard\n" -msgstr "" - -#: ipaserver/plugins/vault.py:101 -msgid "" -"\n" -" Add a symmetric vault:\n" -" ipa vault-add \n" -" [--user |--service |--shared]\n" -" --type symmetric --password-file password.txt\n" -msgstr "" - -#: ipaserver/plugins/vault.py:106 -msgid "" -"\n" -" Add an asymmetric vault:\n" -" ipa vault-add \n" -" [--user |--service |--shared]\n" -" --type asymmetric --public-key-file public.pem\n" -msgstr "" - -#: ipaserver/plugins/vault.py:111 -msgid "" -"\n" -" Show a vault:\n" -" ipa vault-show \n" -" [--user |--service |--shared]\n" -msgstr "" - -#: ipaserver/plugins/vault.py:115 -msgid "" -"\n" -" Modify vault description:\n" -" ipa vault-mod \n" -" [--user |--service |--shared]\n" -" --desc \n" -msgstr "" - -#: ipaserver/plugins/vault.py:120 -msgid "" -"\n" -" Modify vault type:\n" -" ipa vault-mod \n" -" [--user |--service |--shared]\n" -" --type \n" -" [old password/private key]\n" -" [new password/public key]\n" -msgstr "" - -#: ipaserver/plugins/vault.py:127 -msgid "" -"\n" -" Modify symmetric vault password:\n" -" ipa vault-mod \n" -" [--user |--service |--shared]\n" -" --change-password\n" -" ipa vault-mod \n" -" [--user |--service |--shared]\n" -" --old-password \n" -" --new-password \n" -" ipa vault-mod \n" -" [--user |--service |--shared]\n" -" --old-password-file \n" -" --new-password-file \n" -msgstr "" - -#: ipaserver/plugins/vault.py:140 -msgid "" -"\n" -" Modify asymmetric vault keys:\n" -" ipa vault-mod \n" -" [--user |--service |--shared]\n" -" --private-key-file \n" -" --public-key-file \n" -msgstr "" - -#: ipaserver/plugins/vault.py:146 -msgid "" -"\n" -" Delete a vault:\n" -" ipa vault-del \n" -" [--user |--service |--shared]\n" -msgstr "" - -#: ipaserver/plugins/vault.py:150 -msgid "" -"\n" -" Display vault configuration:\n" -" ipa vaultconfig-show\n" -msgstr "" - -#: ipaserver/plugins/vault.py:153 -msgid "" -"\n" -" Archive data into standard vault:\n" -" ipa vault-archive \n" -" [--user |--service |--shared]\n" -" --in \n" -msgstr "" - -#: ipaserver/plugins/vault.py:158 -msgid "" -"\n" -" Archive data into symmetric vault:\n" -" ipa vault-archive \n" -" [--user |--service |--shared]\n" -" --in \n" -" --password-file password.txt\n" -msgstr "" - -#: ipaserver/plugins/vault.py:164 -msgid "" -"\n" -" Archive data into asymmetric vault:\n" -" ipa vault-archive \n" -" [--user |--service |--shared]\n" -" --in \n" -msgstr "" - -#: ipaserver/plugins/vault.py:169 -msgid "" -"\n" -" Retrieve data from standard vault:\n" -" ipa vault-retrieve \n" -" [--user |--service |--shared]\n" -" --out \n" -msgstr "" - -#: ipaserver/plugins/vault.py:174 -msgid "" -"\n" -" Retrieve data from symmetric vault:\n" -" ipa vault-retrieve \n" -" [--user |--service |--shared]\n" -" --out \n" -" --password-file password.txt\n" -msgstr "" - -#: ipaserver/plugins/vault.py:180 -msgid "" -"\n" -" Retrieve data from asymmetric vault:\n" -" ipa vault-retrieve \n" -" [--user |--service |--shared]\n" -" --out --private-key-file private.pem\n" -msgstr "" - -#: ipaserver/plugins/vault.py:185 -msgid "" -"\n" -" Add vault owners:\n" -" ipa vault-add-owner \n" -" [--user |--service |--shared]\n" -" [--users ] [--groups ] [--services ]\n" -msgstr "" - -#: ipaserver/plugins/vault.py:190 -msgid "" -"\n" -" Delete vault owners:\n" -" ipa vault-remove-owner \n" -" [--user |--service |--shared]\n" -" [--users ] [--groups ] [--services ]\n" -msgstr "" - -#: ipaserver/plugins/vault.py:195 -msgid "" -"\n" -" Add vault members:\n" -" ipa vault-add-member \n" -" [--user |--service |--shared]\n" -" [--users ] [--groups ] [--services ]\n" -msgstr "" - -#: ipaserver/plugins/vault.py:200 -msgid "" -"\n" -" Delete vault members:\n" -" ipa vault-remove-member \n" -" [--user |--service |--shared]\n" -" [--users ] [--groups ] [--services ]\n" -msgstr "" - -#: ipaserver/plugins/vault.py:252 -msgid "" -"\n" -" Vault Container object.\n" -" " -msgstr "" - -#: ipaserver/plugins/vault.py:258 -msgid "vaultcontainer" -msgstr "" - -#: ipaserver/plugins/vault.py:259 -msgid "vaultcontainers" -msgstr "" - -#: ipaserver/plugins/vault.py:267 -msgid "Vault Containers" -msgstr "" - -#: ipaserver/plugins/vault.py:268 -msgid "Vault Container" -msgstr "" - -#: ipaserver/plugins/vault.py:357 -msgid "Service, shared and user options cannot be specified simultaneously" -msgstr "" - -#: ipaserver/plugins/vault.py:367 ipaserver/plugins/vault.py:683 -msgid "Host is not supported" -msgstr "" - -#: ipaserver/plugins/vault.py:409 ipaserver/plugins/vault.py:433 -#: ipaserver/plugins/vault.py:786 ipaserver/plugins/vault.py:824 -#: ipaserver/plugins/vault.py:880 ipaserver/plugins/vault.py:936 -#: ipaserver/plugins/vault.py:958 ipaserver/plugins/vault.py:1000 -#: ipaserver/plugins/vault.py:1044 ipaserver/plugins/vault.py:1113 -msgid "KRA service is not enabled" -msgstr "" - -#: ipaserver/plugins/vault.py:424 -msgid "Deleted vault container" -msgstr "" - -#: ipaserver/plugins/vault.py:449 ipaserver/plugins/vault.py:474 -#: ipaserver/plugins/vault.py:1164 ipaserver/plugins/vault.py:1189 -#, python-format -msgid "owner %s" -msgstr "" - -#: ipaserver/plugins/vault.py:494 -msgid "" -"\n" -" Vault object.\n" -" " -msgstr "" - -#: ipaserver/plugins/vault.py:500 -msgid "vault" -msgstr "" - -#: ipaserver/plugins/vault.py:501 -msgid "vaults" -msgstr "" - -#: ipaserver/plugins/vault.py:524 -msgid "Vaults" -msgstr "" - -#: ipaserver/plugins/vault.py:525 -msgid "Vault" -msgstr "" - -#: ipaserver/plugins/vault.py:668 -msgid "Service, shared, and user options cannot be specified simultaneously" -msgstr "" - -#: ipaserver/plugins/vault.py:772 -msgid "Add a vault." -msgstr "" - -#: ipaserver/plugins/vault.py:778 -#, python-format -msgid "Added vault \"%(value)s\"" -msgstr "" - -#: ipaserver/plugins/vault.py:817 -#, python-format -msgid "Deleted vault \"%(value)s\"" -msgstr "" - -#: ipaserver/plugins/vault.py:869 -#, python-format -msgid "%(count)d vault matched" -msgid_plural "%(count)d vaults matched" -msgstr[0] "" -msgstr[1] "" - -#: ipaserver/plugins/vault.py:887 -msgid "" -"Service(s), shared, and user(s) options cannot be specified simultaneously" -msgstr "" - -#: ipaserver/plugins/vault.py:927 -#, python-format -msgid "Modified vault \"%(value)s\"" -msgstr "" - -#: ipaserver/plugins/vault.py:969 -msgid "Vault configuration" -msgstr "" - -#: ipaserver/plugins/vault.py:979 -msgid "IPA servers configured as key recovery agents" -msgstr "" - -#: ipaserver/plugins/vault.py:1038 -#, python-format -msgid "Archived data into vault \"%(value)s\"" -msgstr "" - -#: ipaserver/plugins/vault.py:1094 -msgid "Retrieve data from a vault." -msgstr "" - -#: ipaserver/plugins/vault.py:1107 -#, python-format -msgid "Retrieved data from vault \"%(value)s\"" -msgstr "" - -#: ipaserver/plugins/vault.py:1133 -msgid "No archived data." -msgstr "" - -#: ipaserver/plugins/vault.py:1223 -msgid "Checks if any of the servers has the KRA service enabled" -msgstr "" - -#: ipaserver/plugins/migration.py:46 -msgid "" -"\n" -"Migration to IPA\n" -"\n" -"Migrate users and groups from an LDAP server to IPA.\n" -"\n" -"This performs an LDAP query against the remote server searching for\n" -"users and groups in a container. In order to migrate passwords you need\n" -"to bind as a user that can read the userPassword attribute on the remote\n" -"server. This is generally restricted to high-level admins such as\n" -"cn=Directory Manager in 389-ds (this is the default bind user).\n" -"\n" -"The default user container is ou=People.\n" -"\n" -"The default group container is ou=Groups.\n" -"\n" -"Users and groups that already exist on the IPA server are skipped.\n" -"\n" -"Two LDAP schemas define how group members are stored: RFC2307 and\n" -"RFC2307bis. RFC2307bis uses member and uniquemember to specify group\n" -"members, RFC2307 uses memberUid. The default schema is RFC2307bis.\n" -"\n" -"The schema compat feature allows IPA to reformat data for systems that\n" -"do not support RFC2307bis. It is recommended that this feature is disabled\n" -"during migration to reduce system overhead. It can be re-enabled after\n" -"migration. To migrate with it enabled use the \"--with-compat\" option.\n" -"\n" -"Migrated users do not have Kerberos credentials, they have only their\n" -"LDAP password. To complete the migration process, users need to go\n" -"to http://ipa.example.com/ipa/migration and authenticate using their\n" -"LDAP password in order to generate their Kerberos credentials.\n" -"\n" -"Migration is disabled by default. Use the command ipa config-mod to\n" -"enable it:\n" -"\n" -" ipa config-mod --enable-migration=TRUE\n" -"\n" -"If a base DN is not provided with --basedn then IPA will use either\n" -"the value of defaultNamingContext if it is set or the first value\n" -"in namingContexts set in the root of the remote LDAP server.\n" -"\n" -"Users are added as members to the default user group. This can be a\n" -"time-intensive task so during migration this is done in a batch\n" -"mode for every 100 users. As a result there will be a window in which\n" -"users will be added to IPA but will not be members of the default\n" -"user group.\n" -"\n" -"EXAMPLES:\n" -"\n" -" The simplest migration, accepting all defaults:\n" -" ipa migrate-ds ldap://ds.example.com:389\n" -"\n" -" Specify the user and group container. This can be used to migrate user\n" -" and group data from an IPA v1 server:\n" -" ipa migrate-ds --user-container='cn=users,cn=accounts' \\\n" -" --group-container='cn=groups,cn=accounts' \\\n" -" ldap://ds.example.com:389\n" -"\n" -" Since IPA v2 server already contain predefined groups that may collide " -"with\n" -" groups in migrated (IPA v1) server (for example admins, ipausers), users\n" -" having colliding group as their primary group may happen to belong to\n" -" an unknown group on new IPA v2 server.\n" -" Use --group-overwrite-gid option to overwrite GID of already existing " -"groups\n" -" to prevent this issue:\n" -" ipa migrate-ds --group-overwrite-gid \\\n" -" --user-container='cn=users,cn=accounts' \\\n" -" --group-container='cn=groups,cn=accounts' \\\n" -" ldap://ds.example.com:389\n" -"\n" -" Migrated users or groups may have object class and accompanied attributes\n" -" unknown to the IPA v2 server. These object classes and attributes may be\n" -" left out of the migration process:\n" -" ipa migrate-ds --user-container='cn=users,cn=accounts' \\\n" -" --group-container='cn=groups,cn=accounts' \\\n" -" --user-ignore-objectclass=radiusprofile \\\n" -" --user-ignore-attribute=radiusgroupname \\\n" -" ldap://ds.example.com:389\n" -"\n" -"LOGGING\n" -"\n" -"Migration will log warnings and errors to the Apache error log. This\n" -"file should be evaluated post-migration to correct or investigate any\n" -"issues that were discovered.\n" -"\n" -"For every 100 users migrated an info-level message will be displayed to\n" -"give the current progress and duration to make it possible to track\n" -"the progress of migration.\n" -"\n" -"If the log level is debug, either by setting debug = True in\n" -"/etc/ipa/default.conf or /etc/ipa/server.conf, then an entry will be " -"printed\n" -"for each user added plus a summary when the default user group is\n" -"updated.\n" -msgstr "" - -#: ipaserver/plugins/migration.py:145 -#, python-format -msgid "" -"Kerberos principal %s already exists. Use 'ipa user-mod' to set it manually." -msgstr "" - -#: ipaserver/plugins/migration.py:146 -#, python-format -msgid "" -"Unable to determine if Kerberos principal %s already exists. Use 'ipa user-" -"mod' to set it manually." -msgstr "" - -#: ipaserver/plugins/migration.py:147 -msgid "" -"Failed to add user to the default group. Use 'ipa group-add-member' to add " -"manually." -msgstr "" - -#: ipaserver/plugins/migration.py:148 -msgid "Migration of LDAP search reference is not supported." -msgstr "" - -#: ipaserver/plugins/migration.py:149 -msgid "Malformed DN" -msgstr "" - -#: ipaserver/plugins/migration.py:194 -#, python-format -msgid "%(user)s is not a POSIX user" -msgstr "" - -#: ipaserver/plugins/migration.py:461 -msgid "" -". Check GID of the existing group. Use --group-overwrite-gid option to " -"overwrite the GID" -msgstr "" - -#: ipaserver/plugins/migration.py:476 -msgid "Invalid LDAP URI." -msgstr "" - -#: ipaserver/plugins/migration.py:678 -#, python-format -msgid "%s to exclude from migration" -msgstr "" - -#: ipaserver/plugins/migration.py:680 -msgid "" -"search results for objects to be migrated\n" -"have been truncated by the server;\n" -"migration process might be incomplete\n" -msgstr "" - -#: ipaserver/plugins/migration.py:769 -#, python-format -msgid "" -"%(container)s LDAP search did not return any result (search base: " -"%(search_base)s, objectclass: %(objectclass)s)" -msgstr "" - -#: ipaserver/plugins/aci.py:165 -msgid "A list of ACI values" -msgstr "" - -#: ipaserver/plugins/aci.py:229 -msgid "type, filter, subtree and targetgroup are mutually exclusive" -msgstr "" - -#: ipaserver/plugins/aci.py:232 -msgid "ACI prefix is required" -msgstr "" - -#: ipaserver/plugins/aci.py:235 -msgid "" -"at least one of: type, filter, subtree, targetgroup, attrs or memberof are " -"required" -msgstr "" - -#: ipaserver/plugins/aci.py:238 -msgid "filter and memberof are mutually exclusive" -msgstr "" - -#: ipaserver/plugins/aci.py:244 -msgid "group, permission and self are mutually exclusive" -msgstr "" - -#: ipaserver/plugins/aci.py:246 -msgid "One of group, permission or self is required" -msgstr "" - -#: ipaserver/plugins/aci.py:269 -#, python-format -msgid "Group '%s' does not exist" -msgstr "" - -#: ipaserver/plugins/aci.py:295 -msgid "empty filter" -msgstr "" - -#: ipaserver/plugins/aci.py:316 -#, python-format -msgid "Syntax Error: %(error)s" -msgstr "" - -#: ipaserver/plugins/aci.py:361 -#, python-format -msgid "invalid DN (%s)" -msgstr "" - -#: ipaserver/plugins/aci.py:408 -#, python-format -msgid "ACI with name \"%s\" not found" -msgstr "" - -#: ipaserver/plugins/aci.py:437 -msgid "ACI object." -msgstr "" - -#: ipaserver/plugins/aci.py:440 -msgid "ACIs" -msgstr "" - -#: ipaserver/plugins/aci.py:524 -#, python-format -msgid "Created ACI \"%(value)s\"" -msgstr "" - -#: ipaserver/plugins/aci.py:577 -#, python-format -msgid "Deleted ACI \"%(value)s\"" -msgstr "" - -#: ipaserver/plugins/aci.py:620 -#, python-format -msgid "Modified ACI \"%(value)s\"" -msgstr "" - -#: ipaserver/plugins/aci.py:694 -#, python-format -msgid "%(count)d ACI matched" -msgid_plural "%(count)d ACIs matched" -msgstr[0] "" -msgstr[1] "" - -#: ipaserver/plugins/aci.py:929 -#, python-format -msgid "Renamed ACI to \"%(value)s\"" -msgstr "" - -#: ipaserver/plugins/baseldap.py:100 -msgid "Member service groups" -msgstr "" - -#: ipaserver/plugins/baseldap.py:109 -msgid "Member HBAC service groups" -msgstr "" - -#: ipaserver/plugins/baseldap.py:124 -msgid "Member ID user overrides" -msgstr "" - -#: ipaserver/plugins/baseldap.py:126 -msgid "Indirect Member ID user overrides" -msgstr "" - -#: ipaserver/plugins/baseldap.py:143 -msgid "Indirect Member permissions" -msgstr "" - -#: ipaserver/plugins/baseldap.py:146 -msgid "Indirect Member HBAC service" -msgstr "" - -#: ipaserver/plugins/baseldap.py:149 -msgid "Indirect Member HBAC service group" -msgstr "" - -#: ipaserver/plugins/baseldap.py:210 -msgid "Invalid format. Should be name=value" -msgstr "" - -#: ipaserver/plugins/baseldap.py:507 -msgid "An IPA master host cannot be deleted or disabled" -msgstr "" - -#: ipaserver/plugins/baseldap.py:538 -msgid "entry" -msgstr "" - -#: ipaserver/plugins/baseldap.py:539 -msgid "entries" -msgstr "" - -#: ipaserver/plugins/baseldap.py:577 ipaserver/plugins/baseldap.py:578 -msgid "Entry" -msgstr "" - -#: ipaserver/plugins/baseldap.py:581 -#, python-format -msgid "container entry (%(container)s) not found" -msgstr "" - -#: ipaserver/plugins/baseldap.py:582 -#, python-format -msgid "%(parent)s: %(oname)s not found" -msgstr "" - -#: ipaserver/plugins/baseldap.py:583 ipaserver/plugins/schema.py:263 -#: ipaserver/plugins/schema.py:332 ipaserver/plugins/schema.py:423 -#: ipaserver/plugins/schema.py:658 ipaserver/plugins/schema.py:751 -#, python-format -msgid "%(pkey)s: %(oname)s not found" -msgstr "" - -#: ipaserver/plugins/baseldap.py:584 -#, python-format -msgid "%(oname)s with name \"%(pkey)s\" already exists" -msgstr "" - -#: ipaserver/plugins/baseldap.py:871 ipaserver/plugins/baseldap.py:879 -#, python-format -msgid "attribute \"%(attribute)s\" not allowed" -msgstr "" - -#: ipaserver/plugins/baseldap.py:884 -#, python-format -msgid "these attributes are not allowed: %(attrs)s" -msgstr "" - -#: ipaserver/plugins/baseldap.py:942 -msgid "attribute is not configurable" -msgstr "" - -#: ipaserver/plugins/baseldap.py:1045 -msgid "No such attribute on this entry" -msgstr "" - -#: ipaserver/plugins/baseldap.py:1401 -#, python-format -msgid "Rename the %(ldap_obj_name)s object" -msgstr "" - -#: ipaserver/plugins/baseldap.py:1499 ipaserver/plugins/baseldap.py:2407 -msgid "the entry was deleted while being modified" -msgstr "" - -#: ipaserver/plugins/baseldap.py:1632 ipaserver/plugins/baseldap.py:2134 -#, python-format -msgid "%s" -msgstr "" - -#: ipaserver/plugins/baseldap.py:1633 -#: ipaserver/plugins/servicedelegation.py:213 -#: ipaserver/plugins/servicedelegation.py:303 -#, python-format -msgid "member %s" -msgstr "" - -#: ipaserver/plugins/baseldap.py:1675 ipaserver/plugins/baseldap.py:2158 -#, python-format -msgid "%s to add" -msgstr "" - -#: ipaserver/plugins/baseldap.py:1774 ipaserver/plugins/baseldap.py:2257 -#, python-format -msgid "%s to remove" -msgstr "" - -#: ipaserver/plugins/baseldap.py:1874 ipaserver/plugins/schema.py:128 -#, python-format -msgid "Results should contain primary key attribute only (\"%s\")" -msgstr "" - -#: ipaserver/plugins/baseldap.py:1882 -#, python-format -msgid "" -"Search for %(searched_object)s with these %(relationship)s %(ldap_object)s." -msgstr "" - -#: ipaserver/plugins/baseldap.py:1883 -#, python-format -msgid "" -"Search for %(searched_object)s without these %(relationship)s " -"%(ldap_object)s." -msgstr "" - -#: ipaserver/plugins/baseldap.py:2438 -#, python-format -msgid "added attribute value to entry %(value)s" -msgstr "" - -#: ipaserver/plugins/baseldap.py:2452 -#, python-format -msgid "removed attribute values from entry %(value)s" -msgstr "" - -#: ipaserver/plugins/baseldap.py:2461 -msgid "one or more values to remove" -msgstr "" - -#: ipaserver/plugins/baseuser.py:57 -msgid "" -"\n" -"Baseuser\n" -"\n" -"This contains common definitions for user/stageuser\n" -msgstr "" - -#: ipaserver/plugins/baseuser.py:88 -msgid "must be TRUE or FALSE" -msgstr "" - -#: ipaserver/plugins/baseuser.py:145 -msgid "" -"Object class ipaNTUserAttrs is missing, user entry cannot have SMB " -"attributes." -msgstr "" - -#: ipaserver/plugins/baseuser.py:257 ipaserver/plugins/service.py:484 -#: ipaserver/plugins/host.py:551 -msgid "Principal alias" -msgstr "" - -#: ipaserver/plugins/baseuser.py:269 -msgid "User password expiration" -msgstr "" - -#: ipaserver/plugins/baseuser.py:353 ipaserver/plugins/host.py:570 -msgid "SSH public key fingerprint" -msgstr "" - -#: ipaserver/plugins/baseuser.py:410 -msgid "SMB logon script path" -msgstr "" - -#: ipaserver/plugins/baseuser.py:415 -msgid "SMB profile path" -msgstr "" - -#: ipaserver/plugins/baseuser.py:420 -msgid "SMB Home Directory" -msgstr "" - -#: ipaserver/plugins/baseuser.py:425 -msgid "SMB Home Directory Drive" -msgstr "" - -#: ipaserver/plugins/baseuser.py:449 ipaserver/plugins/baseuser.py:453 -#, python-format -msgid "invalid e-mail format: %(email)s" -msgstr "" - -#: ipaserver/plugins/baseuser.py:480 -#, python-format -msgid "manager %(manager)s not found" -msgstr "" - -#: ipaserver/plugins/baseuser.py:825 -msgid "Issuer of the certificate" -msgstr "" - -#: ipaserver/plugins/baseuser.py:832 -msgid "Subject of the certificate" -msgstr "" - -#: ipaserver/plugins/baseuser.py:877 -msgid "cannot have an empty subject" -msgstr "" - -#: ipaserver/plugins/baseuser.py:917 -msgid "cannot specify both subject/issuer and certificate" -msgstr "" - -#: ipaserver/plugins/baseuser.py:921 -msgid "cannot specify both subject/issuer and ipacertmapdata" -msgstr "" - -#: ipaserver/plugins/baseuser.py:946 -#, python-format -msgid "Added certificate mappings to user \"%(value)s\"" -msgstr "" - -#: ipaserver/plugins/baseuser.py:965 -#, python-format -msgid "Removed certificate mappings from user \"%(value)s\"" -msgstr "" - -#: ipaserver/plugins/batch.py:35 -msgid "" -"\n" -"Plugin to make multiple ipa calls via one remote procedure call\n" -"\n" -"To run this code in the lite-server\n" -"\n" -"curl -H \"Content-Type:application/json\" -H \"Accept:application/" -"json\" -H \"Accept-Language:en\" --negotiate -u : --cacert /" -"etc/ipa/ca.crt -d @batch_request.json -X POST http://" -"localhost:8888/ipa/json\n" -"\n" -"where the contents of the file batch_request.json follow the below example\n" -"\n" -"{\"method\":\"batch\",\"params\":[[\n" -" {\"method\":\"group_find\",\"params\":[[],{}]},\n" -" {\"method\":\"user_find\",\"params\":[[],{\"whoami\":\"true\",\"all" -"\":\"true\"}]},\n" -" {\"method\":\"user_show\",\"params\":[[\"admin\"],{\"all\":true}]}\n" -" ],{}],\"id\":1}\n" -"\n" -"The format of the response is nested the same way. At the top you will see\n" -" \"error\": null,\n" -" \"id\": 1,\n" -" \"result\": {\n" -" \"count\": 3,\n" -" \"results\": [\n" -"\n" -"\n" -"And then a nested response for each IPA command method sent in the request\n" -"\n" -msgstr "" - -#: ipaserver/plugins/batch.py:71 -msgid "Make multiple ipa calls via one remote procedure call" -msgstr "" - -#: ipaserver/plugins/batch.py:122 -msgid "must contain a tuple (list, dict)" -msgstr "" - -#: ipaserver/plugins/certprofile.py:21 -msgid "" -"\n" -"Manage Certificate Profiles\n" -"\n" -"Certificate Profiles are used by Certificate Authority (CA) in the signing " -"of\n" -"certificates to determine if a Certificate Signing Request (CSR) is " -"acceptable,\n" -"and if so what features and extensions will be present on the certificate.\n" -"\n" -"The Certificate Profile format is the property-list format understood by " -"the\n" -"Dogtag or Red Hat Certificate System CA.\n" -"\n" -"PROFILE ID SYNTAX:\n" -"\n" -"A Profile ID is a string without spaces or punctuation starting with a " -"letter\n" -"and followed by a sequence of letters, digits or underscore (\"_\").\n" -"\n" -"EXAMPLES:\n" -"\n" -" Import a profile that will not store issued certificates:\n" -" ipa certprofile-import ShortLivedUserCert \\\n" -" --file UserCert.profile --desc \"User Certificates\" \\\n" -" --store=false\n" -"\n" -" Delete a certificate profile:\n" -" ipa certprofile-del ShortLivedUserCert\n" -"\n" -" Show information about a profile:\n" -" ipa certprofile-show ShortLivedUserCert\n" -"\n" -" Save profile configuration to a file:\n" -" ipa certprofile-show caIPAserviceCert --out caIPAserviceCert.cfg\n" -"\n" -" Search for profiles that do not store certificates:\n" -" ipa certprofile-find --store=false\n" -"\n" -"PROFILE CONFIGURATION FORMAT:\n" -"\n" -"The profile configuration format is the raw property-list format\n" -"used by Dogtag Certificate System. The XML format is not supported.\n" -"\n" -"The following restrictions apply to profiles managed by FreeIPA:\n" -"\n" -"- When importing a profile the \"profileId\" field, if present, must\n" -" match the ID given on the command line.\n" -"\n" -"- The \"classId\" field must be set to \"caEnrollImpl\"\n" -"\n" -"- The \"auth.instance_id\" field must be set to \"raCertAuth\"\n" -"\n" -"- The \"certReqInputImpl\" input class and \"certOutputImpl\" output\n" -" class must be used.\n" -"\n" -msgstr "" - -#: ipaserver/plugins/certprofile.py:95 -msgid "invalid Profile ID" -msgstr "" - -#: ipaserver/plugins/certprofile.py:106 ipaserver/plugins/certprofile.py:116 -msgid "Certificate Profile" -msgstr "" - -#: ipaserver/plugins/certprofile.py:107 ipaserver/plugins/certprofile.py:115 -msgid "Certificate Profiles" -msgstr "" - -#: ipaserver/plugins/certprofile.py:126 -msgid "Profile configuration" -msgstr "" - -#: ipaserver/plugins/certprofile.py:190 -#, python-format -msgid "%(count)d profile matched" -msgid_plural "%(count)d profiles matched" -msgstr[0] "" -msgstr[1] "" - -#: ipaserver/plugins/certprofile.py:222 -#, python-format -msgid "Imported profile \"%(value)s\"" -msgstr "" - -#: ipaserver/plugins/certprofile.py:247 -#, python-format -msgid "Profile data specifies profileId multiple times: %(values)s" -msgstr "" - -#: ipaserver/plugins/certprofile.py:255 -#, python-format -msgid "Profile ID '%(cli_value)s' does not match profile data '%(file_value)s'" -msgstr "" - -#: ipaserver/plugins/certprofile.py:282 -#, python-format -msgid "Deleted profile \"%(value)s\"" -msgstr "" - -#: ipaserver/plugins/certprofile.py:289 -#, python-format -msgid "Predefined profile '%(profile_id)s' cannot be deleted" -msgstr "" - -#: ipaserver/plugins/certprofile.py:305 -#, python-format -msgid "Modified Certificate Profile \"%(value)s\"" -msgstr "" - -#: ipaserver/plugins/certprofile.py:322 -msgid "Certificate profiles cannot be renamed" -msgstr "" - -#: ipaserver/plugins/certprofile.py:327 -msgid "Insufficient privilege to modify a certificate profile." -msgstr "" - -#: ipaserver/plugins/hostgroup.py:35 -msgid "" -"\n" -"Groups of hosts.\n" -"\n" -"Manage groups of hosts. This is useful for applying access control to a\n" -"number of hosts by using Host-based Access Control.\n" -"\n" -"EXAMPLES:\n" -"\n" -" Add a new host group:\n" -" ipa hostgroup-add --desc=\"Baltimore hosts\" baltimore\n" -"\n" -" Add another new host group:\n" -" ipa hostgroup-add --desc=\"Maryland hosts\" maryland\n" -"\n" -" Add members to the hostgroup (using Bash brace expansion):\n" -" ipa hostgroup-add-member --hosts={box1,box2,box3} baltimore\n" -"\n" -" Add a hostgroup as a member of another hostgroup:\n" -" ipa hostgroup-add-member --hostgroups=baltimore maryland\n" -"\n" -" Remove a host from the hostgroup:\n" -" ipa hostgroup-remove-member --hosts=box2 baltimore\n" -"\n" -" Display a host group:\n" -" ipa hostgroup-show baltimore\n" -"\n" -" Add a member manager:\n" -" ipa hostgroup-add-member-manager --users=user1 baltimore\n" -"\n" -" Remove a member manager\n" -" ipa hostgroup-remove-member-manager --users=user1 baltimore\n" -"\n" -" Delete a hostgroup:\n" -" ipa hostgroup-del baltimore\n" -msgstr "" - -#: ipaserver/plugins/hostgroup.py:107 -msgid "host groups" -msgstr "" - -#: ipaserver/plugins/hostgroup.py:179 -msgid "Host Group" -msgstr "" - -#: ipaserver/plugins/hostgroup.py:223 -#, python-format -msgid "Added hostgroup \"%(value)s\"" -msgstr "" - -#: ipaserver/plugins/hostgroup.py:239 -#, python-format -msgid "" -"netgroup with name \"%s\" already exists. Hostgroups and netgroups share a " -"common namespace" -msgstr "" - -#: ipaserver/plugins/hostgroup.py:262 -#, python-format -msgid "Deleted hostgroup \"%(value)s\"" -msgstr "" - -#: ipaserver/plugins/hostgroup.py:266 ipaserver/plugins/hostgroup.py:284 -#: ipaserver/plugins/hostgroup.py:349 -msgid "hostgroup" -msgstr "" - -#: ipaserver/plugins/hostgroup.py:268 ipaserver/plugins/hostgroup.py:286 -msgid "privileged hostgroup" -msgstr "" - -#: ipaserver/plugins/hostgroup.py:278 -#, python-format -msgid "Modified hostgroup \"%(value)s\"" -msgstr "" - -#: ipaserver/plugins/hostgroup.py:303 -#, python-format -msgid "%(count)d hostgroup matched" -msgid_plural "%(count)d hostgroups matched" -msgstr[0] "" -msgstr[1] "" - -#: ipaserver/plugins/hostgroup.py:362 -msgid "Add users that can manage members of this hostgroup." -msgstr "" - -#: ipaserver/plugins/hostgroup.py:372 -msgid "Remove users that can manage members of this hostgroup." -msgstr "" - -#: ipaserver/plugins/privilege.py:76 -#, python-format -msgid "" -"cannot add permission \"%(perm)s\" with bindtype \"%(bindtype)s\" to a " -"privilege" -msgstr "" - -#: ipaserver/plugins/privilege.py:149 -msgid "Privilege" -msgstr "" - -#: ipaserver/plugins/privilege.py:169 -#, python-format -msgid "Added privilege \"%(value)s\"" -msgstr "" - -#: ipaserver/plugins/privilege.py:176 -#, python-format -msgid "Deleted privilege \"%(value)s\"" -msgstr "" - -#: ipaserver/plugins/privilege.py:183 -#, python-format -msgid "Modified privilege \"%(value)s\"" -msgstr "" - -#: ipaserver/plugins/privilege.py:191 -#, python-format -msgid "%(count)d privilege matched" -msgid_plural "%(count)d privileges matched" -msgstr[0] "" -msgstr[1] "" - -#: ipaserver/plugins/pwpolicy.py:92 -msgid "Class of Service object used for linking policies with groups" -msgstr "" - -#: ipaserver/plugins/pwpolicy.py:143 -#, python-format -msgid "priority must be a unique value (%(prio)d already used by %(gname)s)" -msgstr "" - -#: ipaserver/plugins/pwpolicy.py:171 -msgid "Add Class of Service entry" -msgstr "" - -#: ipaserver/plugins/pwpolicy.py:194 -msgid "Delete Class of Service entry" -msgstr "" - -#: ipaserver/plugins/pwpolicy.py:200 -msgid "Modify Class of Service entry" -msgstr "" - -#: ipaserver/plugins/pwpolicy.py:218 -msgid "Display Class of Service entry" -msgstr "" - -#: ipaserver/plugins/pwpolicy.py:224 -msgid "Search for Class of Service entry" -msgstr "" - -#: ipaserver/plugins/pwpolicy.py:237 -msgid "password policy" -msgstr "" - -#: ipaserver/plugins/pwpolicy.py:238 -msgid "password policies" -msgstr "" - -#: ipaserver/plugins/pwpolicy.py:297 -msgid "Password Policies" -msgstr "" - -#: ipaserver/plugins/pwpolicy.py:370 -msgid "Max repeat" -msgstr "" - -#: ipaserver/plugins/pwpolicy.py:371 -msgid "Maximum number of same consecutive characters" -msgstr "" - -#: ipaserver/plugins/pwpolicy.py:379 -msgid "Max sequence" -msgstr "" - -#: ipaserver/plugins/pwpolicy.py:380 -msgid "The max. length of monotonic character sequences (abcd)" -msgstr "" - -#: ipaserver/plugins/pwpolicy.py:388 -msgid "Dictionary check" -msgstr "" - -#: ipaserver/plugins/pwpolicy.py:389 -msgid "Check if the password is a dictionary word" -msgstr "" - -#: ipaserver/plugins/pwpolicy.py:395 -msgid "User check" -msgstr "" - -#: ipaserver/plugins/pwpolicy.py:396 -msgid "Check if the password contains the username" -msgstr "" - -#: ipaserver/plugins/pwpolicy.py:469 -msgid "" -"Minimum length must be >= 6 if maxrepeat, maxsequence, dictcheck or " -"usercheck are defined" -msgstr "" - -#: ipaserver/plugins/pwpolicy.py:494 -msgid "Maximum password life must be greater than minimum." -msgstr "" - -#: ipaserver/plugins/pwpolicy.py:551 -msgid "cannot delete global password policy" -msgstr "" - -#: ipaserver/plugins/pwpolicy.py:585 -msgid "priority cannot be set on global policy" -msgstr "" - -#: ipaserver/plugins/realmdomains.py:34 -msgid "" -"\n" -"Realm domains\n" -"\n" -"Manage the list of domains associated with IPA realm.\n" -"\n" -"This list is useful for Domain Controllers from other realms which have\n" -"established trust with this IPA realm. They need the information to know\n" -"which request should be forwarded to KDC of this IPA realm.\n" -"\n" -"Automatic management: a domain is automatically added to the realm domains\n" -"list when a new DNS Zone managed by IPA is created. Same applies for " -"deletion.\n" -"\n" -"Externally managed DNS: domains which are not managed in IPA server DNS\n" -"need to be manually added to the list using ipa realmdomains-mod command.\n" -"\n" -"EXAMPLES:\n" -"\n" -" Display the current list of realm domains:\n" -" ipa realmdomains-show\n" -"\n" -" Replace the list of realm domains:\n" -" ipa realmdomains-mod --domain=example.com\n" -" ipa realmdomains-mod --domain={example1.com,example2.com,example3.com}\n" -"\n" -" Add a domain to the list of realm domains:\n" -" ipa realmdomains-mod --add-domain=newdomain.com\n" -"\n" -" Delete a domain from the list of realm domains:\n" -" ipa realmdomains-mod --del-domain=olddomain.com\n" -msgstr "" - -#: ipaserver/plugins/realmdomains.py:85 -msgid "Realm domains" -msgstr "" - -#: ipaserver/plugins/realmdomains.py:134 -msgid "" -"\n" -" Modify realm domains\n" -"\n" -" DNS check: When manually adding a domain to the list, a DNS check is\n" -" performed by default. It ensures that the domain is associated with\n" -" the IPA realm, by checking whether the domain has a _kerberos TXT " -"record\n" -" containing the IPA realm name. This check can be skipped by specifying\n" -" --force option.\n" -"\n" -" Removal: when a realm domain which has a matching DNS zone managed by\n" -" IPA is being removed, a corresponding _kerberos TXT record in the zone " -"is\n" -" removed automatically as well. Other records in the zone or the zone\n" -" itself are not affected.\n" -" " -msgstr "" - -#: ipaserver/plugins/realmdomains.py:177 -#, python-format -msgid "" -"DNS zone for each realmdomain must contain SOA or NS records. No records " -"found for: %s" -msgstr "" - -#: ipaserver/plugins/realmdomains.py:203 -#, python-format -msgid "The following domains do not belong to this realm: %(domains)s" -msgstr "" - -#: ipaserver/plugins/realmdomains.py:218 -#, python-format -msgid "" -"The realm of the following domains could not be detected: %(domains)s. If " -"these are domains that belong to the this realm, please create a _kerberos " -"TXT record containing \"%(realm)s\" in each of them." -msgstr "" - -#: ipaserver/plugins/realmdomains.py:241 -msgid "" -"The --domain option cannot be used together with --add-domain or --del-" -"domain. Use --domain to specify the whole realm domain list explicitly, to " -"add/remove individual domains, use --add-domain/del-domain." -msgstr "" - -#: ipaserver/plugins/realmdomains.py:252 -msgid "IPA server domain cannot be omitted" -msgstr "" - -#: ipaserver/plugins/realmdomains.py:274 -msgid "IPA server domain cannot be deleted" -msgstr "" - #: ipaserver/plugins/role.py:143 msgid "Role" msgstr "" @@ -25244,174 +23555,6 @@ msgid_plural "%(count)d roles matched" msgstr[0] "" msgstr[1] "" -#: ipaserver/plugins/schema.py:30 -msgid "" -"\n" -"API Schema\n" -msgstr "" - -#: ipaserver/plugins/schema.py:32 -msgid "" -"\n" -"Provides API introspection capabilities.\n" -msgstr "" - -#: ipaserver/plugins/schema.py:36 -msgid "" -"\n" -" Show user-find details:\n" -" ipa command-show user-find\n" -msgstr "" - -#: ipaserver/plugins/schema.py:39 -msgid "" -"\n" -" Find user-find parameters:\n" -" ipa param-find user-find\n" -msgstr "" - -#: ipaserver/plugins/schema.py:60 -msgid "Documentation" -msgstr "" - -#: ipaserver/plugins/schema.py:65 -msgid "Exclude from" -msgstr "" - -#: ipaserver/plugins/schema.py:70 -msgid "Include in" -msgstr "" - -#: ipaserver/plugins/schema.py:141 -msgid "Help topic" -msgstr "" - -#: ipaserver/plugins/schema.py:178 -msgid "Parameters" -msgstr "" - -#: ipaserver/plugins/schema.py:213 -msgid "Method of" -msgstr "" - -#: ipaserver/plugins/schema.py:218 -msgid "Method name" -msgstr "" - -#: ipaserver/plugins/schema.py:276 -msgid "Display information about a command." -msgstr "" - -#: ipaserver/plugins/schema.py:281 -msgid "Search for commands." -msgstr "" - -#: ipaserver/plugins/schema.py:286 -msgid "Return command defaults" -msgstr "" - -#: ipaserver/plugins/schema.py:343 -msgid "Display information about a class." -msgstr "" - -#: ipaserver/plugins/schema.py:348 -msgid "Search for classes." -msgstr "" - -#: ipaserver/plugins/schema.py:435 -msgid "Display information about a help topic." -msgstr "" - -#: ipaserver/plugins/schema.py:440 -msgid "Search for help topics." -msgstr "" - -#: ipaserver/plugins/schema.py:452 -msgid "Required" -msgstr "" - -#: ipaserver/plugins/schema.py:457 -msgid "Multi-value" -msgstr "" - -#: ipaserver/plugins/schema.py:505 -msgid "Always ask" -msgstr "" - -#: ipaserver/plugins/schema.py:510 -msgid "CLI metavar" -msgstr "" - -#: ipaserver/plugins/schema.py:515 -msgid "CLI name" -msgstr "" - -#: ipaserver/plugins/schema.py:520 -msgid "Confirm (password)" -msgstr "" - -#: ipaserver/plugins/schema.py:525 -msgid "Default" -msgstr "" - -#: ipaserver/plugins/schema.py:530 -msgid "Default from" -msgstr "" - -#: ipaserver/plugins/schema.py:535 -msgid "Label" -msgstr "" - -#: ipaserver/plugins/schema.py:540 -msgid "Convert on server" -msgstr "" - -#: ipaserver/plugins/schema.py:545 -msgid "Option group" -msgstr "" - -#: ipaserver/plugins/schema.py:550 -msgid "Sensitive" -msgstr "" - -#: ipaserver/plugins/schema.py:555 -msgid "Positional argument" -msgstr "" - -#: ipaserver/plugins/schema.py:640 -#, python-format -msgid "%(metaobject)s: %(oname)s not found" -msgstr "" - -#: ipaserver/plugins/schema.py:679 -msgid "Display information about a command parameter." -msgstr "" - -#: ipaserver/plugins/schema.py:684 -msgid "Search command parameters." -msgstr "" - -#: ipaserver/plugins/schema.py:741 -#, python-format -msgid "%(command_name)s: %(oname)s not found" -msgstr "" - -#: ipaserver/plugins/schema.py:766 -msgid "Display information about a command output." -msgstr "" - -#: ipaserver/plugins/schema.py:771 -msgid "Search for command outputs." -msgstr "" - -#: ipaserver/plugins/schema.py:776 -msgid "Store and provide schema for commands and topics" -msgstr "" - -#: ipaserver/plugins/schema.py:782 -msgid "Fingerprint of schema cached by client" -msgstr "" - #: ipaserver/plugins/server.py:36 msgid "" "\n" @@ -25606,6 +23749,11 @@ msgstr "" msgid "Following segments were not deleted:" msgstr "" +#: ipaserver/plugins/server.py:914 ipaserver/plugins/trust.py:1865 +#, python-format +msgid "must be \"%s\"" +msgstr "" + #: ipaserver/plugins/server.py:926 msgid "not allowed to perform server connection check" msgstr "" @@ -25640,16 +23788,6 @@ msgstr "" msgid "Cannot hide last enabled %(name)s server." msgstr "" -#: ipaserver/plugins/serverroles.py:84 -#, python-brace-format -msgid "{role}: role not found" -msgstr "" - -#: ipaserver/plugins/serverroles.py:178 -#, python-brace-format -msgid "{attr}: no such attribute" -msgstr "" - #: ipaserver/plugins/servicedelegation.py:26 msgid "" "\n" @@ -25820,6 +23958,1525 @@ msgid_plural "%(count)d service delegation targets matched" msgstr[0] "" msgstr[1] "" +#: ipaserver/plugins/migration.py:46 +msgid "" +"\n" +"Migration to IPA\n" +"\n" +"Migrate users and groups from an LDAP server to IPA.\n" +"\n" +"This performs an LDAP query against the remote server searching for\n" +"users and groups in a container. In order to migrate passwords you need\n" +"to bind as a user that can read the userPassword attribute on the remote\n" +"server. This is generally restricted to high-level admins such as\n" +"cn=Directory Manager in 389-ds (this is the default bind user).\n" +"\n" +"The default user container is ou=People.\n" +"\n" +"The default group container is ou=Groups.\n" +"\n" +"Users and groups that already exist on the IPA server are skipped.\n" +"\n" +"Two LDAP schemas define how group members are stored: RFC2307 and\n" +"RFC2307bis. RFC2307bis uses member and uniquemember to specify group\n" +"members, RFC2307 uses memberUid. The default schema is RFC2307bis.\n" +"\n" +"The schema compat feature allows IPA to reformat data for systems that\n" +"do not support RFC2307bis. It is recommended that this feature is disabled\n" +"during migration to reduce system overhead. It can be re-enabled after\n" +"migration. To migrate with it enabled use the \"--with-compat\" option.\n" +"\n" +"Migrated users do not have Kerberos credentials, they have only their\n" +"LDAP password. To complete the migration process, users need to go\n" +"to http://ipa.example.com/ipa/migration and authenticate using their\n" +"LDAP password in order to generate their Kerberos credentials.\n" +"\n" +"Migration is disabled by default. Use the command ipa config-mod to\n" +"enable it:\n" +"\n" +" ipa config-mod --enable-migration=TRUE\n" +"\n" +"If a base DN is not provided with --basedn then IPA will use either\n" +"the value of defaultNamingContext if it is set or the first value\n" +"in namingContexts set in the root of the remote LDAP server.\n" +"\n" +"Users are added as members to the default user group. This can be a\n" +"time-intensive task so during migration this is done in a batch\n" +"mode for every 100 users. As a result there will be a window in which\n" +"users will be added to IPA but will not be members of the default\n" +"user group.\n" +"\n" +"EXAMPLES:\n" +"\n" +" The simplest migration, accepting all defaults:\n" +" ipa migrate-ds ldap://ds.example.com:389\n" +"\n" +" Specify the user and group container. This can be used to migrate user\n" +" and group data from an IPA v1 server:\n" +" ipa migrate-ds --user-container='cn=users,cn=accounts' \\\n" +" --group-container='cn=groups,cn=accounts' \\\n" +" ldap://ds.example.com:389\n" +"\n" +" Since IPA v2 server already contain predefined groups that may collide " +"with\n" +" groups in migrated (IPA v1) server (for example admins, ipausers), users\n" +" having colliding group as their primary group may happen to belong to\n" +" an unknown group on new IPA v2 server.\n" +" Use --group-overwrite-gid option to overwrite GID of already existing " +"groups\n" +" to prevent this issue:\n" +" ipa migrate-ds --group-overwrite-gid \\\n" +" --user-container='cn=users,cn=accounts' \\\n" +" --group-container='cn=groups,cn=accounts' \\\n" +" ldap://ds.example.com:389\n" +"\n" +" Migrated users or groups may have object class and accompanied attributes\n" +" unknown to the IPA v2 server. These object classes and attributes may be\n" +" left out of the migration process:\n" +" ipa migrate-ds --user-container='cn=users,cn=accounts' \\\n" +" --group-container='cn=groups,cn=accounts' \\\n" +" --user-ignore-objectclass=radiusprofile \\\n" +" --user-ignore-attribute=radiusgroupname \\\n" +" ldap://ds.example.com:389\n" +"\n" +"LOGGING\n" +"\n" +"Migration will log warnings and errors to the Apache error log. This\n" +"file should be evaluated post-migration to correct or investigate any\n" +"issues that were discovered.\n" +"\n" +"For every 100 users migrated an info-level message will be displayed to\n" +"give the current progress and duration to make it possible to track\n" +"the progress of migration.\n" +"\n" +"If the log level is debug, either by setting debug = True in\n" +"/etc/ipa/default.conf or /etc/ipa/server.conf, then an entry will be " +"printed\n" +"for each user added plus a summary when the default user group is\n" +"updated.\n" +msgstr "" + +#: ipaserver/plugins/migration.py:145 +#, python-format +msgid "" +"Kerberos principal %s already exists. Use 'ipa user-mod' to set it manually." +msgstr "" + +#: ipaserver/plugins/migration.py:146 +#, python-format +msgid "" +"Unable to determine if Kerberos principal %s already exists. Use 'ipa user-" +"mod' to set it manually." +msgstr "" + +#: ipaserver/plugins/migration.py:147 +msgid "" +"Failed to add user to the default group. Use 'ipa group-add-member' to add " +"manually." +msgstr "" + +#: ipaserver/plugins/migration.py:148 +msgid "Migration of LDAP search reference is not supported." +msgstr "" + +#: ipaserver/plugins/migration.py:149 +msgid "Malformed DN" +msgstr "" + +#: ipaserver/plugins/migration.py:194 +#, python-format +msgid "%(user)s is not a POSIX user" +msgstr "" + +#: ipaserver/plugins/migration.py:461 +msgid "" +". Check GID of the existing group. Use --group-overwrite-gid option to " +"overwrite the GID" +msgstr "" + +#: ipaserver/plugins/migration.py:476 +msgid "Invalid LDAP URI." +msgstr "" + +#: ipaserver/plugins/migration.py:678 +#, python-format +msgid "%s to exclude from migration" +msgstr "" + +#: ipaserver/plugins/migration.py:680 +msgid "" +"search results for objects to be migrated\n" +"have been truncated by the server;\n" +"migration process might be incomplete\n" +msgstr "" + +#: ipaserver/plugins/migration.py:769 +#, python-format +msgid "" +"%(container)s LDAP search did not return any result (search base: " +"%(search_base)s, objectclass: %(objectclass)s)" +msgstr "" + +#: ipaserver/plugins/migration.py:804 ipaserver/plugins/user.py:588 +msgid "Default group for new users not found" +msgstr "" + +#: ipaserver/plugins/certprofile.py:21 +msgid "" +"\n" +"Manage Certificate Profiles\n" +"\n" +"Certificate Profiles are used by Certificate Authority (CA) in the signing " +"of\n" +"certificates to determine if a Certificate Signing Request (CSR) is " +"acceptable,\n" +"and if so what features and extensions will be present on the certificate.\n" +"\n" +"The Certificate Profile format is the property-list format understood by " +"the\n" +"Dogtag or Red Hat Certificate System CA.\n" +"\n" +"PROFILE ID SYNTAX:\n" +"\n" +"A Profile ID is a string without spaces or punctuation starting with a " +"letter\n" +"and followed by a sequence of letters, digits or underscore (\"_\").\n" +"\n" +"EXAMPLES:\n" +"\n" +" Import a profile that will not store issued certificates:\n" +" ipa certprofile-import ShortLivedUserCert \\\n" +" --file UserCert.profile --desc \"User Certificates\" \\\n" +" --store=false\n" +"\n" +" Delete a certificate profile:\n" +" ipa certprofile-del ShortLivedUserCert\n" +"\n" +" Show information about a profile:\n" +" ipa certprofile-show ShortLivedUserCert\n" +"\n" +" Save profile configuration to a file:\n" +" ipa certprofile-show caIPAserviceCert --out caIPAserviceCert.cfg\n" +"\n" +" Search for profiles that do not store certificates:\n" +" ipa certprofile-find --store=false\n" +"\n" +"PROFILE CONFIGURATION FORMAT:\n" +"\n" +"The profile configuration format is the raw property-list format\n" +"used by Dogtag Certificate System. The XML format is not supported.\n" +"\n" +"The following restrictions apply to profiles managed by IPA:\n" +"\n" +"- When importing a profile the \"profileId\" field, if present, must\n" +" match the ID given on the command line.\n" +"\n" +"- The \"classId\" field must be set to \"caEnrollImpl\"\n" +"\n" +"- The \"auth.instance_id\" field must be set to \"raCertAuth\"\n" +"\n" +"- The \"certReqInputImpl\" input class and \"certOutputImpl\" output\n" +" class must be used.\n" +"\n" +msgstr "" + +#: ipaserver/plugins/certprofile.py:95 +msgid "invalid Profile ID" +msgstr "" + +#: ipaserver/plugins/certprofile.py:106 ipaserver/plugins/certprofile.py:116 +msgid "Certificate Profile" +msgstr "" + +#: ipaserver/plugins/certprofile.py:107 ipaserver/plugins/certprofile.py:115 +msgid "Certificate Profiles" +msgstr "" + +#: ipaserver/plugins/certprofile.py:126 +msgid "Profile configuration" +msgstr "" + +#: ipaserver/plugins/certprofile.py:190 +#, python-format +msgid "%(count)d profile matched" +msgid_plural "%(count)d profiles matched" +msgstr[0] "" +msgstr[1] "" + +#: ipaserver/plugins/certprofile.py:222 +#, python-format +msgid "Imported profile \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/certprofile.py:247 +#, python-format +msgid "Profile data specifies profileId multiple times: %(values)s" +msgstr "" + +#: ipaserver/plugins/certprofile.py:255 +#, python-format +msgid "Profile ID '%(cli_value)s' does not match profile data '%(file_value)s'" +msgstr "" + +#: ipaserver/plugins/certprofile.py:282 +#, python-format +msgid "Deleted profile \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/certprofile.py:289 +#, python-format +msgid "Predefined profile '%(profile_id)s' cannot be deleted" +msgstr "" + +#: ipaserver/plugins/certprofile.py:305 +#, python-format +msgid "Modified Certificate Profile \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/certprofile.py:322 +msgid "Certificate profiles cannot be renamed" +msgstr "" + +#: ipaserver/plugins/certprofile.py:327 +msgid "Insufficient privilege to modify a certificate profile." +msgstr "" + +#: ipaserver/plugins/config.py:41 +msgid "" +"\n" +"Server configuration\n" +"\n" +"Manage the default values that IPA uses and some of its tuning parameters.\n" +"\n" +"NOTES:\n" +"\n" +"The password notification value (--pwdexpnotify) is stored here so it will\n" +"be replicated. It is not currently used to notify users in advance of an\n" +"expiring password.\n" +"\n" +"Some attributes are read-only, provided only for information purposes. " +"These\n" +"include:\n" +"\n" +"Certificate Subject base: the configured certificate subject base,\n" +" e.g. O=EXAMPLE.COM. This is configurable only at install time.\n" +"Password plug-in features: currently defines additional hashes that the\n" +" password will generate (there may be other conditions).\n" +"\n" +"When setting the order list for mapping SELinux users you may need to\n" +"quote the value so it isn't interpreted by the shell.\n" +"\n" +"The maximum length of a hostname in Linux is controlled by\n" +"MAXHOSTNAMELEN in the kernel and defaults to 64. Some other operating\n" +"systems, Solaris for example, allows hostnames up to 255 characters.\n" +"This option will allow flexibility in length but by default limiting\n" +"to the Linux maximum length.\n" +"\n" +"EXAMPLES:\n" +"\n" +" Show basic server configuration:\n" +" ipa config-show\n" +"\n" +" Show all configuration options:\n" +" ipa config-show --all\n" +"\n" +" Change maximum username length to 99 characters:\n" +" ipa config-mod --maxusername=99\n" +"\n" +" Change maximum host name length to 255 characters:\n" +" ipa config-mod --maxhostname=255\n" +"\n" +" Increase default time and size limits for maximum IPA server search:\n" +" ipa config-mod --searchtimelimit=10 --searchrecordslimit=2000\n" +"\n" +" Set default user e-mail domain:\n" +" ipa config-mod --emaildomain=example.com\n" +"\n" +" Enable migration mode to make \"ipa migrate-ds\" command operational:\n" +" ipa config-mod --enable-migration=TRUE\n" +"\n" +" Define SELinux user map order:\n" +" ipa config-mod --ipaselinuxusermaporder='guest_u:s0$xguest_u:s0$user_u:s0-" +"s0:c0.c1023$staff_u:s0-s0:c0.c1023$unconfined_u:s0-s0:c0.c1023'\n" +msgstr "" + +#: ipaserver/plugins/config.py:107 +msgid "must be at least 10" +msgstr "" + +#: ipaserver/plugins/config.py:115 +msgid "configuration options" +msgstr "" + +#: ipaserver/plugins/config.py:150 ipaserver/plugins/config.py:151 +msgid "Configuration" +msgstr "" + +#: ipaserver/plugins/config.py:162 +msgid "Maximum hostname length" +msgstr "" + +#: ipaserver/plugins/config.py:266 +msgid "IPA masters" +msgstr "" + +#: ipaserver/plugins/config.py:267 +msgid "List of all IPA masters" +msgstr "" + +#: ipaserver/plugins/config.py:272 +msgid "Hidden IPA masters" +msgstr "" + +#: ipaserver/plugins/config.py:273 +msgid "List of all hidden IPA masters" +msgstr "" + +#: ipaserver/plugins/config.py:278 +msgid "IPA master capable of PKINIT" +msgstr "" + +#: ipaserver/plugins/config.py:279 +msgid "IPA master which can process PKINIT requests" +msgstr "" + +#: ipaserver/plugins/config.py:284 +msgid "IPA CA servers" +msgstr "" + +#: ipaserver/plugins/config.py:285 +msgid "IPA servers configured as certificate authority" +msgstr "" + +#: ipaserver/plugins/config.py:290 +msgid "Hidden IPA CA servers" +msgstr "" + +#: ipaserver/plugins/config.py:291 +msgid "Hidden IPA servers configured as certificate authority" +msgstr "" + +#: ipaserver/plugins/config.py:296 +msgid "IPA CA renewal master" +msgstr "" + +#: ipaserver/plugins/config.py:297 +msgid "Renewal master for IPA certificate authority" +msgstr "" + +#: ipaserver/plugins/config.py:303 +msgid "IPA servers configured as key recovery agent" +msgstr "" + +#: ipaserver/plugins/config.py:308 +msgid "Hidden IPA KRA servers" +msgstr "" + +#: ipaserver/plugins/config.py:309 +msgid "Hidden IPA servers configured as key recovery agent" +msgstr "" + +#: ipaserver/plugins/config.py:321 ipaserver/plugins/dns.py:4119 +msgid "IPA DNS servers" +msgstr "" + +#: ipaserver/plugins/config.py:322 +msgid "IPA servers configured as domain name server" +msgstr "" + +#: ipaserver/plugins/config.py:327 +msgid "Hidden IPA DNS servers" +msgstr "" + +#: ipaserver/plugins/config.py:328 +msgid "Hidden IPA servers configured as domain name server" +msgstr "" + +#: ipaserver/plugins/config.py:333 ipaserver/plugins/dns.py:4125 +msgid "IPA DNSSec key master" +msgstr "" + +#: ipaserver/plugins/config.py:334 +msgid "DNSec key master" +msgstr "" + +#: ipaserver/plugins/config.py:411 +msgid "Empty domain is not allowed" +msgstr "" + +#: ipaserver/plugins/config.py:419 +#, python-format +msgid "Invalid domain name '%(domain)s': %(e)s" +msgstr "" + +#: ipaserver/plugins/config.py:424 +#, python-format +msgid "Server has no information about domain '%(domain)s'" +msgstr "" + +#: ipaserver/plugins/config.py:431 +#, python-format +msgid "Disabled domain '%(domain)s' is not allowed" +msgstr "" + +#: ipaserver/plugins/config.py:483 +msgid "The group doesn't exist" +msgstr "" + +#: ipaserver/plugins/config.py:501 +#, python-format +msgid "attribute \"%s\" not allowed" +msgstr "" + +#: ipaserver/plugins/config.py:521 +msgid "May not be empty" +msgstr "" + +#: ipaserver/plugins/config.py:540 +#, python-format +msgid "%(obj)s default attribute %(attr)s would not be allowed!" +msgstr "" + +#: ipaserver/plugins/config.py:572 +msgid "A list of SELinux users delimited by $ expected" +msgstr "" + +#: ipaserver/plugins/config.py:576 +#, python-format +msgid "SELinux user '%(user)s' is not valid: %(error)s" +msgstr "" + +#: ipaserver/plugins/config.py:588 +msgid "SELinux user map default user not in order list" +msgstr "" + +#: ipaserver/plugins/dns.py:100 +msgid "" +"\n" +"Domain Name System (DNS)\n" +msgstr "" + +#: ipaserver/plugins/dns.py:102 +msgid "" +"\n" +"Manage DNS zone and resource records.\n" +msgstr "" + +#: ipaserver/plugins/dns.py:104 +msgid "" +"\n" +"SUPPORTED ZONE TYPES\n" +"\n" +" * Master zone (dnszone-*), contains authoritative data.\n" +" * Forward zone (dnsforwardzone-*), forwards queries to configured " +"forwarders\n" +" (a set of DNS servers).\n" +msgstr "" + +#: ipaserver/plugins/dns.py:110 +msgid "" +"\n" +"USING STRUCTURED PER-TYPE OPTIONS\n" +msgstr "" + +#: ipaserver/plugins/dns.py:112 +msgid "" +"\n" +"There are many structured DNS RR types where DNS data stored in LDAP server\n" +"is not just a scalar value, for example an IP address or a domain name, but\n" +"a data structure which may be often complex. A good example is a LOC record\n" +"[RFC1876] which consists of many mandatory and optional parts (degrees,\n" +"minutes, seconds of latitude and longitude, altitude or precision).\n" +msgstr "" + +#: ipaserver/plugins/dns.py:118 +msgid "" +"\n" +"It may be difficult to manipulate such DNS records without making a mistake\n" +"and entering an invalid value. DNS module provides an abstraction over " +"these\n" +"raw records and allows to manipulate each RR type with specific options. " +"For\n" +"each supported RR type, DNS module provides a standard option to manipulate\n" +"a raw records with format ---rec, e.g. --mx-rec, and special " +"options\n" +"for every part of the RR structure with format ---, e.g.\n" +"--mx-preference and --mx-exchanger.\n" +msgstr "" + +#: ipaserver/plugins/dns.py:126 +msgid "" +"\n" +"When adding a record, either RR specific options or standard option for a " +"raw\n" +"value can be used, they just should not be combined in one add operation. " +"When\n" +"modifying an existing entry, new RR specific options can be used to change\n" +"one part of a DNS record, where the standard option for raw value is used\n" +"to specify the modified value. The following example demonstrates\n" +"a modification of MX record preference from 0 to 1 in a record without\n" +"modifying the exchanger:\n" +"ipa dnsrecord-mod --mx-rec=\"0 mx.example.com.\" --mx-preference=1\n" +msgstr "" + +#: ipaserver/plugins/dns.py:135 +msgid "" +"\n" +"\n" +"EXAMPLES:\n" +msgstr "" + +#: ipaserver/plugins/dns.py:138 +msgid "" +"\n" +" Add new zone:\n" +" ipa dnszone-add example.com --admin-email=admin@example.com\n" +msgstr "" + +#: ipaserver/plugins/dns.py:141 +msgid "" +"\n" +" Add system permission that can be used for per-zone privilege delegation:\n" +" ipa dnszone-add-permission example.com\n" +msgstr "" + +#: ipaserver/plugins/dns.py:144 +msgid "" +"\n" +" Modify the zone to allow dynamic updates for hosts own records in realm " +"EXAMPLE.COM:\n" +" ipa dnszone-mod example.com --dynamic-update=TRUE\n" +msgstr "" + +#: ipaserver/plugins/dns.py:147 +msgid "" +"\n" +" This is the equivalent of:\n" +" ipa dnszone-mod example.com --dynamic-update=TRUE \\\n" +" --update-policy=\"grant EXAMPLE.COM krb5-self * A; grant EXAMPLE.COM " +"krb5-self * AAAA; grant EXAMPLE.COM krb5-self * SSHFP;\"\n" +msgstr "" + +#: ipaserver/plugins/dns.py:151 +msgid "" +"\n" +" Modify the zone to allow zone transfers for local network only:\n" +" ipa dnszone-mod example.com --allow-transfer=192.0.2.0/24\n" +msgstr "" + +#: ipaserver/plugins/dns.py:154 +msgid "" +"\n" +" Add new reverse zone specified by network IP address:\n" +" ipa dnszone-add --name-from-ip=192.0.2.0/24\n" +msgstr "" + +#: ipaserver/plugins/dns.py:157 +msgid "" +"\n" +" Add second nameserver for example.com:\n" +" ipa dnsrecord-add example.com @ --ns-rec=nameserver2.example.com\n" +msgstr "" + +#: ipaserver/plugins/dns.py:160 +msgid "" +"\n" +" Add a mail server for example.com:\n" +" ipa dnsrecord-add example.com @ --mx-rec=\"10 mail1\"\n" +msgstr "" + +#: ipaserver/plugins/dns.py:163 +msgid "" +"\n" +" Add another record using MX record specific options:\n" +" ipa dnsrecord-add example.com @ --mx-preference=20 --mx-exchanger=mail2\n" +msgstr "" + +#: ipaserver/plugins/dns.py:166 +msgid "" +"\n" +" Add another record using interactive mode (started when dnsrecord-add, " +"dnsrecord-mod,\n" +" or dnsrecord-del are executed with no options):\n" +" ipa dnsrecord-add example.com @\n" +" Please choose a type of DNS resource record to be added\n" +" The most common types for this type of zone are: NS, MX, LOC\n" +"\n" +" DNS resource record type: MX\n" +" MX Preference: 30\n" +" MX Exchanger: mail3\n" +" Record name: example.com\n" +" MX record: 10 mail1, 20 mail2, 30 mail3\n" +" NS record: nameserver.example.com., nameserver2.example.com.\n" +msgstr "" + +#: ipaserver/plugins/dns.py:179 +msgid "" +"\n" +" Delete previously added nameserver from example.com:\n" +" ipa dnsrecord-del example.com @ --ns-rec=nameserver2.example.com.\n" +msgstr "" + +#: ipaserver/plugins/dns.py:182 +msgid "" +"\n" +" Add LOC record for example.com:\n" +" ipa dnsrecord-add example.com @ --loc-rec=\"49 11 42.4 N 16 36 29.6 E " +"227.64m\"\n" +msgstr "" + +#: ipaserver/plugins/dns.py:185 +msgid "" +"\n" +" Add new A record for www.example.com. Create a reverse record in " +"appropriate\n" +" reverse zone as well. In this case a PTR record \"2\" pointing to www." +"example.com\n" +" will be created in zone 2.0.192.in-addr.arpa.\n" +" ipa dnsrecord-add example.com www --a-rec=192.0.2.2 --a-create-reverse\n" +msgstr "" + +#: ipaserver/plugins/dns.py:190 +msgid "" +"\n" +" Add new PTR record for www.example.com\n" +" ipa dnsrecord-add 2.0.192.in-addr.arpa. 2 --ptr-rec=www.example.com.\n" +msgstr "" + +#: ipaserver/plugins/dns.py:193 +msgid "" +"\n" +" Add new SRV records for LDAP servers. Three quarters of the requests\n" +" should go to fast.example.com, one quarter to slow.example.com. If neither\n" +" is available, switch to backup.example.com.\n" +" ipa dnsrecord-add example.com _ldap._tcp --srv-rec=\"0 3 389 fast.example." +"com\"\n" +" ipa dnsrecord-add example.com _ldap._tcp --srv-rec=\"0 1 389 slow.example." +"com\"\n" +" ipa dnsrecord-add example.com _ldap._tcp --srv-rec=\"1 1 389 backup." +"example.com\"\n" +msgstr "" + +#: ipaserver/plugins/dns.py:200 +msgid "" +"\n" +" The interactive mode can be used for easy modification:\n" +" ipa dnsrecord-mod example.com _ldap._tcp\n" +" No option to modify specific record provided.\n" +" Current DNS record contents:\n" +"\n" +" SRV record: 0 3 389 fast.example.com, 0 1 389 slow.example.com, 1 1 389 " +"backup.example.com\n" +"\n" +" Modify SRV record '0 3 389 fast.example.com'? Yes/No (default No):\n" +" Modify SRV record '0 1 389 slow.example.com'? Yes/No (default No): y\n" +" SRV Priority [0]: (keep the default value)\n" +" SRV Weight [1]: 2 (modified value)\n" +" SRV Port [389]: (keep the default value)\n" +" SRV Target [slow.example.com]: (keep the default value)\n" +" 1 SRV record skipped. Only one value per DNS record type can be modified " +"at one time.\n" +" Record name: _ldap._tcp\n" +" SRV record: 0 3 389 fast.example.com, 1 1 389 backup.example.com, 0 2 " +"389 slow.example.com\n" +msgstr "" + +#: ipaserver/plugins/dns.py:217 +msgid "" +"\n" +" After this modification, three fifths of the requests should go to\n" +" fast.example.com and two fifths to slow.example.com.\n" +msgstr "" + +#: ipaserver/plugins/dns.py:220 +msgid "" +"\n" +" An example of the interactive mode for dnsrecord-del command:\n" +" ipa dnsrecord-del example.com www\n" +" No option to delete specific record provided.\n" +" Delete all? Yes/No (default No): (do not delete all records)\n" +" Current DNS record contents:\n" +"\n" +" A record: 192.0.2.2, 192.0.2.3\n" +"\n" +" Delete A record '192.0.2.2'? Yes/No (default No):\n" +" Delete A record '192.0.2.3'? Yes/No (default No): y\n" +" Record name: www\n" +" A record: 192.0.2.2 (A record 192.0.2.3 has been " +"deleted)\n" +msgstr "" + +#: ipaserver/plugins/dns.py:233 +msgid "" +"\n" +" Show zone example.com:\n" +" ipa dnszone-show example.com\n" +msgstr "" + +#: ipaserver/plugins/dns.py:236 +msgid "" +"\n" +" Find zone with \"example\" in its domain name:\n" +" ipa dnszone-find example\n" +msgstr "" + +#: ipaserver/plugins/dns.py:239 +msgid "" +"\n" +" Find records for resources with \"www\" in their name in zone example.com:\n" +" ipa dnsrecord-find example.com www\n" +msgstr "" + +#: ipaserver/plugins/dns.py:242 +msgid "" +"\n" +" Find A records with value 192.0.2.2 in zone example.com\n" +" ipa dnsrecord-find example.com --a-rec=192.0.2.2\n" +msgstr "" + +#: ipaserver/plugins/dns.py:245 +msgid "" +"\n" +" Show records for resource www in zone example.com\n" +" ipa dnsrecord-show example.com www\n" +msgstr "" + +#: ipaserver/plugins/dns.py:248 +msgid "" +"\n" +" Delegate zone sub.example to another nameserver:\n" +" ipa dnsrecord-add example.com ns.sub --a-rec=203.0.113.1\n" +" ipa dnsrecord-add example.com sub --ns-rec=ns.sub.example.com.\n" +msgstr "" + +#: ipaserver/plugins/dns.py:252 +msgid "" +"\n" +" Delete zone example.com with all resource records:\n" +" ipa dnszone-del example.com\n" +msgstr "" + +#: ipaserver/plugins/dns.py:255 +msgid "" +"\n" +" If a global forwarder is configured, all queries for which this server is " +"not\n" +" authoritative (e.g. sub.example.com) will be routed to the global " +"forwarder.\n" +" Global forwarding configuration can be overridden per-zone.\n" +msgstr "" + +#: ipaserver/plugins/dns.py:259 +msgid "" +"\n" +" Semantics of forwarding in IPA matches BIND semantics and depends on the " +"type\n" +" of zone:\n" +" * Master zone: local BIND replies authoritatively to queries for data in\n" +" the given zone (including authoritative NXDOMAIN answers) and forwarding\n" +" affects only queries for names below zone cuts (NS records) of locally\n" +" served zones.\n" +"\n" +" * Forward zone: forward zone contains no authoritative data. BIND " +"forwards\n" +" queries, which cannot be answered from its local cache, to configured\n" +" forwarders.\n" +msgstr "" + +#: ipaserver/plugins/dns.py:270 +msgid "" +"\n" +" Semantics of the --forward-policy option:\n" +" * none - disable forwarding for the given zone.\n" +" * first - forward all queries to configured forwarders. If they fail,\n" +" do resolution using DNS root servers.\n" +" * only - forward all queries to configured forwarders and if they fail,\n" +" return failure.\n" +msgstr "" + +#: ipaserver/plugins/dns.py:277 +msgid "" +"\n" +" Disable global forwarding for given sub-tree:\n" +" ipa dnszone-mod example.com --forward-policy=none\n" +msgstr "" + +#: ipaserver/plugins/dns.py:280 +msgid "" +"\n" +" This configuration forwards all queries for names outside the example.com\n" +" sub-tree to global forwarders. Normal recursive resolution process is used\n" +" for names inside the example.com sub-tree (i.e. NS records are followed " +"etc.).\n" +msgstr "" + +#: ipaserver/plugins/dns.py:284 +msgid "" +"\n" +" Forward all requests for the zone external.example.com to another " +"forwarder\n" +" using a \"first\" policy (it will send the queries to the selected " +"forwarder\n" +" and if not answered it will use global root servers):\n" +" ipa dnsforwardzone-add external.example.com --forward-policy=first \\\n" +" --forwarder=203.0.113.1\n" +msgstr "" + +#: ipaserver/plugins/dns.py:290 +msgid "" +"\n" +" Change forward-policy for external.example.com:\n" +" ipa dnsforwardzone-mod external.example.com --forward-policy=only\n" +msgstr "" + +#: ipaserver/plugins/dns.py:293 +msgid "" +"\n" +" Show forward zone external.example.com:\n" +" ipa dnsforwardzone-show external.example.com\n" +msgstr "" + +#: ipaserver/plugins/dns.py:296 +msgid "" +"\n" +" List all forward zones:\n" +" ipa dnsforwardzone-find\n" +msgstr "" + +#: ipaserver/plugins/dns.py:299 +msgid "" +"\n" +" Delete forward zone external.example.com:\n" +" ipa dnsforwardzone-del external.example.com\n" +msgstr "" + +#: ipaserver/plugins/dns.py:302 +msgid "" +"\n" +" Resolve a host name to see if it exists (will add default IPA domain\n" +" if one is not included):\n" +" ipa dns-resolve www.example.com\n" +" ipa dns-resolve www\n" +msgstr "" + +#: ipaserver/plugins/dns.py:307 +msgid "" +"\n" +"\n" +"GLOBAL DNS CONFIGURATION\n" +msgstr "" + +#: ipaserver/plugins/dns.py:310 +msgid "" +"\n" +"DNS configuration passed to command line install script is stored in a " +"local\n" +"configuration file on each IPA server where DNS service is configured. " +"These\n" +"local settings can be overridden with a common configuration stored in LDAP\n" +"server:\n" +msgstr "" + +#: ipaserver/plugins/dns.py:315 +msgid "" +"\n" +" Show global DNS configuration:\n" +" ipa dnsconfig-show\n" +msgstr "" + +#: ipaserver/plugins/dns.py:318 +msgid "" +"\n" +" Modify global DNS configuration and set a list of global forwarders:\n" +" ipa dnsconfig-mod --forwarder=203.0.113.113\n" +msgstr "" + +#: ipaserver/plugins/dns.py:406 +msgid "invalid IP network format" +msgstr "" + +#: ipaserver/plugins/dns.py:415 +msgid "each ACL element must be terminated with a semicolon" +msgstr "" + +#: ipaserver/plugins/dns.py:431 +msgid "invalid address format" +msgstr "" + +#: ipaserver/plugins/dns.py:475 +msgid "" +"expected format: <0-255> <0-255> <0-65535> even-" +"length_hexadecimal_digits_or_hyphen" +msgstr "" + +#: ipaserver/plugins/dns.py:484 +msgid "algorithm value: allowed interval 0-255" +msgstr "" + +#: ipaserver/plugins/dns.py:487 +msgid "flags value: allowed interval 0-255" +msgstr "" + +#: ipaserver/plugins/dns.py:490 +msgid "iterations value: allowed interval 0-65535" +msgstr "" + +#: ipaserver/plugins/dns.py:498 +#, python-format +msgid "salt value: %(err)s" +msgstr "" + +#: ipaserver/plugins/dns.py:505 +msgid "invalid domain-name: not fully qualified" +msgstr "" + +#: ipaserver/plugins/dns.py:514 +msgid "should not be a wildcard domain name (RFC 4592 section 4)" +msgstr "" + +#: ipaserver/plugins/dns.py:555 +#, python-format +msgid "" +"All nameservers failed to answer the query for DNS reverse zone %(revdns)s" +msgstr "" + +#: ipaserver/plugins/dns.py:564 +#, python-format +msgid "" +"DNS reverse zone %(revzone)s for IP address %(addr)s is not managed by this " +"server" +msgstr "" + +#: ipaserver/plugins/dns.py:581 +#, python-format +msgid "DNS zone %(zone)s not found" +msgstr "" + +#: ipaserver/plugins/dns.py:596 +#, python-format +msgid "IP address %(ip)s is already assigned in domain %(domain)s." +msgstr "" + +#: ipaserver/plugins/dns.py:606 +#, python-format +msgid "" +"Reverse record for IP address %(ip)s already exists in reverse zone %(zone)s." +msgstr "" + +#: ipaserver/plugins/dns.py:681 +#, python-format +msgid "%s record" +msgstr "" + +#: ipaserver/plugins/dns.py:683 +#, python-format +msgid "Raw %s records" +msgstr "" + +#: ipaserver/plugins/dns.py:684 +#, python-format +msgid "%s Record" +msgstr "" + +#: ipaserver/plugins/dns.py:685 +#, python-format +msgid "(see RFC %s for details)" +msgstr "" + +#: ipaserver/plugins/dns.py:747 +#, python-format +msgid "'%s' is a required part of DNS record" +msgstr "" + +#: ipaserver/plugins/dns.py:754 +msgid "Invalid number of parts!" +msgstr "" + +#: ipaserver/plugins/dns.py:806 +#, python-format +msgid "DNS RR type \"%s\" is not supported by bind-dyndb-ldap plugin" +msgstr "" + +#: ipaserver/plugins/dns.py:822 +#, python-format +msgid "format must be specified as \"%(format)s\" %(rfcs)s" +msgstr "" + +#: ipaserver/plugins/dns.py:897 +msgid "Create reverse" +msgstr "" + +#: ipaserver/plugins/dns.py:933 +#, python-format +msgid "Cannot create reverse record for \"%(value)s\": %(exc)s" +msgstr "" + +#: ipaserver/plugins/dns.py:1108 ipaserver/plugins/dns.py:1265 +msgid "Exchanger" +msgstr "" + +#: ipaserver/plugins/dns.py:1183 +msgid "" +"format must be specified as\n" +" \"d1 [m1 [s1]] {\"N\"|\"S\"} d2 [m2 [s2]] {\"E\"|\"W\"} alt[\"m\"] " +"[siz[\"m\"] [hp[\"m\"] [vp[\"m\"]]]]\"\n" +" where:\n" +" d1: [0 .. 90] (degrees latitude)\n" +" d2: [0 .. 180] (degrees longitude)\n" +" m1, m2: [0 .. 59] (minutes latitude/longitude)\n" +" s1, s2: [0 .. 59.999] (seconds latitude/longitude)\n" +" alt: [-100000.00 .. 42849672.95] BY .01 (altitude in meters)\n" +" siz, hp, vp: [0 .. 90000000.00] (size/precision in meters)\n" +" See RFC 1876 for details" +msgstr "" + +#: ipaserver/plugins/dns.py:1237 +#, python-format +msgid "'%(required)s' must not be empty when '%(name)s' is set" +msgstr "" + +#: ipaserver/plugins/dns.py:1292 +msgid "flags must be one of \"S\", \"A\", \"U\", or \"P\"" +msgstr "" + +#: ipaserver/plugins/dns.py:1353 ipaserver/plugins/dns.py:1483 +msgid "Priority (order)" +msgstr "" + +#: ipaserver/plugins/dns.py:1354 +msgid "" +"Lower number means higher priority. Clients will attempt to contact the " +"server with the lowest-numbered priority they can reach." +msgstr "" + +#: ipaserver/plugins/dns.py:1362 ipaserver/plugins/dns.py:1492 +msgid "Relative weight for entries with the same priority." +msgstr "" + +#: ipaserver/plugins/dns.py:1382 +msgid "the value does not follow \"YYYYMMDDHHMMSS\" time format" +msgstr "" + +#: ipaserver/plugins/dns.py:1484 +msgid "" +"Lower number means higher priority. Clients will attempt to contact the URI " +"with the lowest-numbered priority they can reach." +msgstr "" + +#: ipaserver/plugins/dns.py:1497 +msgid "Target Uniform Resource Identifier" +msgstr "" + +#: ipaserver/plugins/dns.py:1498 +msgid "Target Uniform Resource Identifier according to RFC 3986" +msgstr "" + +#: ipaserver/plugins/dns.py:1580 +#, python-format +msgid "Nameserver '%(host)s' does not have a corresponding A/AAAA record" +msgstr "" + +#: ipaserver/plugins/dns.py:2049 +msgid "Managedby permission" +msgstr "" + +#: ipaserver/plugins/dns.py:2150 +msgid "cannot be used when a zone is specified" +msgstr "" + +#: ipaserver/plugins/dns.py:2162 +msgid "Only one zone type is allowed per zone name" +msgstr "" + +#: ipaserver/plugins/dns.py:2305 +#, python-format +msgid "Added system permission \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/dns.py:2335 +#, python-format +msgid "permission \"%(value)s\" already exists" +msgstr "" + +#: ipaserver/plugins/dns.py:2363 +#, python-format +msgid "Removed system permission \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/dns.py:2399 +msgid "DNS zone" +msgstr "" + +#: ipaserver/plugins/dns.py:2400 +msgid "DNS zones" +msgstr "" + +#: ipaserver/plugins/dns.py:2408 +msgid "DNS Zones" +msgstr "" + +#: ipaserver/plugins/dns.py:2409 +msgid "DNS Zone" +msgstr "" + +#: ipaserver/plugins/dns.py:2481 +msgid "Default time to live" +msgstr "" + +#: ipaserver/plugins/dns.py:2482 +msgid "Time to live for records without explicit TTL definition" +msgstr "" + +#: ipaserver/plugins/dns.py:2697 +msgid "setting Authoritative nameserver" +msgstr "" + +#: ipaserver/plugins/dns.py:2698 +msgid "It is used only for setting the SOA MNAME attribute." +msgstr "" + +#: ipaserver/plugins/dns.py:2700 +msgid "NS record(s) can be edited in zone apex - '@'. " +msgstr "" + +#: ipaserver/plugins/dns.py:2735 +msgid "" +msgstr "" + +#: ipaserver/plugins/dns.py:2791 +msgid "Nameserver for reverse zone cannot be a relative DNS name" +msgstr "" + +#: ipaserver/plugins/dns.py:2846 +#, python-format +msgid "Deleted DNS zone \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/dns.py:2899 +msgid "is required" +msgstr "" + +#: ipaserver/plugins/dns.py:2980 +#, python-format +msgid "Disabled DNS zone \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/dns.py:2991 +#, python-format +msgid "Enabled DNS zone \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/dns.py:3016 +msgid "DNS resource record" +msgstr "" + +#: ipaserver/plugins/dns.py:3017 +msgid "DNS resource records" +msgstr "" + +#: ipaserver/plugins/dns.py:3024 +msgid "DNS Resource Records" +msgstr "" + +#: ipaserver/plugins/dns.py:3025 +msgid "DNS Resource Record" +msgstr "" + +#: ipaserver/plugins/dns.py:3060 +msgid "DS record must not be in zone apex (RFC 4035 section 2.4)" +msgstr "" + +#: ipaserver/plugins/dns.py:3077 +msgid "" +"out-of-zone data: record name must be a subdomain of the zone or a relative " +"name" +msgstr "" + +#: ipaserver/plugins/dns.py:3088 +#, python-format +msgid "" +"owner of %(types)s records should not be a wildcard domain name (RFC 4592 " +"section 4)" +msgstr "" + +#: ipaserver/plugins/dns.py:3133 +#, python-format +msgid "" +"Reverse zone %(name)s requires exactly %(count)d IP address components, " +"%(user_count)d given" +msgstr "" + +#: ipaserver/plugins/dns.py:3175 +msgid "only master zones can contain records" +msgstr "" + +#: ipaserver/plugins/dns.py:3273 +msgid "only one CNAME record is allowed per name (RFC 2136, section 1.1.5)" +msgstr "" + +#: ipaserver/plugins/dns.py:3279 +msgid "" +"CNAME record is not allowed to coexist with any other record (RFC 1034, " +"section 3.6.2)" +msgstr "" + +#: ipaserver/plugins/dns.py:3287 +msgid "only one DNAME record is allowed per name (RFC 6672, section 2.4)" +msgstr "" + +#: ipaserver/plugins/dns.py:3303 +#, python-format +msgid "" +"NS record is not allowed to coexist with an %(type)s record except when " +"located in a zone root record (RFC 2181, section 6.1)" +msgstr "" + +#: ipaserver/plugins/dns.py:3319 +msgid "" +"DS record requires to coexist with an NS record (RFC 4592 section 4.6, RFC " +"4035 section 2.4)" +msgstr "" + +#: ipaserver/plugins/dns.py:3600 +#, python-format +msgid "Raw value of a DNS record was already set by \"%(name)s\" option" +msgstr "" + +#: ipaserver/plugins/dns.py:3726 +msgid "DNS zone root record cannot be renamed" +msgstr "" + +#: ipaserver/plugins/dns.py:3744 +msgid "DNS records can be only updated one at a time" +msgstr "" + +#: ipaserver/plugins/dns.py:3837 +#, python-format +msgid "Deleted record \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/dns.py:3930 +#, python-format +msgid "Zone record '%s' cannot be deleted" +msgstr "" + +#: ipaserver/plugins/dns.py:4032 +#, python-format +msgid "Found '%(value)s'" +msgstr "" + +#: ipaserver/plugins/dns.py:4047 +#, python-format +msgid "Host '%(host)s' not found" +msgstr "" + +#: ipaserver/plugins/dns.py:4078 +msgid "DNS configuration options" +msgstr "" + +#: ipaserver/plugins/dns.py:4083 ipaserver/plugins/dns.py:4084 +msgid "DNS Global Configuration" +msgstr "" + +#: ipaserver/plugins/dns.py:4115 +msgid "IPA DNS version" +msgstr "" + +#: ipaserver/plugins/dns.py:4120 +msgid "List of IPA masters configured as DNS servers" +msgstr "" + +#: ipaserver/plugins/dns.py:4126 +msgid "IPA server configured as DNSSec key master" +msgstr "" + +#: ipaserver/plugins/dns.py:4177 +msgid "Global DNS configuration is empty" +msgstr "" + +#: ipaserver/plugins/dns.py:4258 +msgid "DNS forward zone" +msgstr "" + +#: ipaserver/plugins/dns.py:4259 +msgid "DNS forward zones" +msgstr "" + +#: ipaserver/plugins/dns.py:4261 +msgid "DNS Forward Zones" +msgstr "" + +#: ipaserver/plugins/dns.py:4262 +msgid "DNS Forward Zone" +msgstr "" + +#: ipaserver/plugins/dns.py:4369 ipaserver/plugins/dns.py:4419 +msgid "Please specify forwarders." +msgstr "" + +#: ipaserver/plugins/dns.py:4388 +#, python-format +msgid "Deleted DNS forward zone \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/dns.py:4445 +#, python-format +msgid "Disabled DNS forward zone \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/dns.py:4451 +#, python-format +msgid "Enabled DNS forward zone \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/dns.py:4474 +msgid "IPA DNS records" +msgstr "" + +#: ipaserver/plugins/dns.py:4478 +msgid "IPA location records" +msgstr "" + +#: ipaserver/plugins/dns.py:4485 +msgid "Update location and IPA server DNS records" +msgstr "" + +#: ipaserver/plugins/dns.py:4496 +msgid "Result of the command" +msgstr "" + +#: ipaserver/plugins/dns.py:4503 +msgid "Dry run" +msgstr "" + +#: ipaserver/plugins/dns.py:4504 +msgid "Do not update records only return expected records" +msgstr "" + +#: ipaserver/plugins/privilege.py:76 +#, python-format +msgid "" +"cannot add permission \"%(perm)s\" with bindtype \"%(bindtype)s\" to a " +"privilege" +msgstr "" + +#: ipaserver/plugins/privilege.py:149 +msgid "Privilege" +msgstr "" + +#: ipaserver/plugins/privilege.py:169 +#, python-format +msgid "Added privilege \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/privilege.py:176 +#, python-format +msgid "Deleted privilege \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/privilege.py:183 +#, python-format +msgid "Modified privilege \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/privilege.py:191 +#, python-format +msgid "%(count)d privilege matched" +msgid_plural "%(count)d privileges matched" +msgstr[0] "" +msgstr[1] "" + +#: ipaserver/plugins/pwpolicy.py:92 +msgid "Class of Service object used for linking policies with groups" +msgstr "" + +#: ipaserver/plugins/pwpolicy.py:143 +#, python-format +msgid "priority must be a unique value (%(prio)d already used by %(gname)s)" +msgstr "" + +#: ipaserver/plugins/pwpolicy.py:171 +msgid "Add Class of Service entry" +msgstr "" + +#: ipaserver/plugins/pwpolicy.py:194 +msgid "Delete Class of Service entry" +msgstr "" + +#: ipaserver/plugins/pwpolicy.py:200 +msgid "Modify Class of Service entry" +msgstr "" + +#: ipaserver/plugins/pwpolicy.py:218 +msgid "Display Class of Service entry" +msgstr "" + +#: ipaserver/plugins/pwpolicy.py:224 +msgid "Search for Class of Service entry" +msgstr "" + +#: ipaserver/plugins/pwpolicy.py:237 +msgid "password policy" +msgstr "" + +#: ipaserver/plugins/pwpolicy.py:238 +msgid "password policies" +msgstr "" + +#: ipaserver/plugins/pwpolicy.py:297 +msgid "Password Policies" +msgstr "" + +#: ipaserver/plugins/pwpolicy.py:370 +msgid "Max repeat" +msgstr "" + +#: ipaserver/plugins/pwpolicy.py:371 +msgid "Maximum number of same consecutive characters" +msgstr "" + +#: ipaserver/plugins/pwpolicy.py:379 +msgid "Max sequence" +msgstr "" + +#: ipaserver/plugins/pwpolicy.py:380 +msgid "The max. length of monotonic character sequences (abcd)" +msgstr "" + +#: ipaserver/plugins/pwpolicy.py:388 +msgid "Dictionary check" +msgstr "" + +#: ipaserver/plugins/pwpolicy.py:389 +msgid "Check if the password is a dictionary word" +msgstr "" + +#: ipaserver/plugins/pwpolicy.py:395 +msgid "User check" +msgstr "" + +#: ipaserver/plugins/pwpolicy.py:396 +msgid "Check if the password contains the username" +msgstr "" + +#: ipaserver/plugins/pwpolicy.py:469 +msgid "" +"Minimum length must be >= 6 if maxrepeat, maxsequence, dictcheck or " +"usercheck are defined" +msgstr "" + +#: ipaserver/plugins/pwpolicy.py:494 +msgid "Maximum password life must be greater than minimum." +msgstr "" + +#: ipaserver/plugins/pwpolicy.py:551 +msgid "cannot delete global password policy" +msgstr "" + +#: ipaserver/plugins/pwpolicy.py:585 +msgid "priority cannot be set on global policy" +msgstr "" + #: ipaserver/plugins/session.py:12 msgid "" "\n" @@ -25932,19 +25589,6 @@ msgstr "" msgid "Base-64 encoded service certificate" msgstr "" -#: ipaserver/plugins/service.py:543 ipaserver/plugins/host.py:586 -msgid "Authentication Indicators" -msgstr "" - -#: ipaserver/plugins/service.py:544 ipaserver/plugins/host.py:587 -msgid "" -"Defines an allow list for Authentication Indicators. Use 'otp' to allow OTP-" -"based 2FA authentications. Use 'radius' to allow RADIUS-based 2FA " -"authentications. Use 'pkinit' to allow PKINIT-based 2FA authentications. Use " -"'hardened' to allow brute-force hardened password authentication by SPAKE or " -"FAST. With no indicator specified, all authentication mechanisms are allowed." -msgstr "" - #: ipaserver/plugins/service.py:569 msgid "NONE value cannot be combined with other PAC types" msgstr "" @@ -26072,790 +25716,1037 @@ msgid_plural "%(count)d delegations matched" msgstr[0] "" msgstr[1] "" -#: ipaserver/plugins/otptoken.py:42 -msgid "" -"\n" -"OTP Tokens\n" +#: ipaserver/plugins/hbacrule.py:108 +msgid "The deny type has been deprecated." msgstr "" -#: ipaserver/plugins/otptoken.py:44 -msgid "" -"\n" -"Manage OTP tokens.\n" +#: ipaserver/plugins/hbacrule.py:131 +msgid "HBAC rules" msgstr "" -#: ipaserver/plugins/otptoken.py:46 -msgid "" -"\n" -"IPA supports the use of OTP tokens for multi-factor authentication. This\n" -"code enables the management of OTP tokens.\n" +#: ipaserver/plugins/hbacrule.py:201 +msgid "HBAC Rules" msgstr "" -#: ipaserver/plugins/otptoken.py:51 -msgid "" -"\n" -" Add a new token:\n" -" ipa otptoken-add --type=totp --owner=jdoe --desc=\"My soft token\"\n" +#: ipaserver/plugins/hbacrule.py:302 +#, python-format +msgid "Added HBAC rule \"%(value)s\"" msgstr "" -#: ipaserver/plugins/otptoken.py:54 -msgid "" -"\n" -" Examine the token:\n" -" ipa otptoken-show a93db710-a31a-4639-8647-f15b2c70b78a\n" +#: ipaserver/plugins/hbacrule.py:316 +#, python-format +msgid "Deleted HBAC rule \"%(value)s\"" msgstr "" -#: ipaserver/plugins/otptoken.py:57 +#: ipaserver/plugins/hbacrule.py:333 +#, python-format +msgid "Modified HBAC rule \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/hbacrule.py:368 +#, python-format +msgid "%(count)d HBAC rule matched" +msgid_plural "%(count)d HBAC rules matched" +msgstr[0] "" +msgstr[1] "" + +#: ipaserver/plugins/hbacrule.py:383 +#, python-format +msgid "Enabled HBAC rule \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/hbacrule.py:413 +#, python-format +msgid "Disabled HBAC rule \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/hbacrule.py:447 ipaserver/plugins/hbacrule.py:478 +msgid "Access time" +msgstr "" + +#: ipaserver/plugins/hbacrule.py:565 +msgid "Add source hosts and hostgroups to an HBAC rule." +msgstr "" + +#: ipaserver/plugins/hbactest.py:45 msgid "" "\n" -" Change the vendor:\n" -" ipa otptoken-mod a93db710-a31a-4639-8647-f15b2c70b78a --vendor=\"Red Hat" +"Simulate use of Host-based access controls\n" +"\n" +"HBAC rules control who can access what services on what hosts.\n" +"You can use HBAC to control which users or groups can access a service,\n" +"or group of services, on a target host.\n" +"\n" +"Since applying HBAC rules implies use of a production environment,\n" +"this plugin aims to provide simulation of HBAC rules evaluation without\n" +"having access to the production environment.\n" +"\n" +" Test user coming to a service on a named host against\n" +" existing enabled rules.\n" +"\n" +" ipa hbactest --user= --host= --service=\n" +" [--rules=rules-list] [--nodetail] [--enabled] [--disabled]\n" +" [--sizelimit= ]\n" +"\n" +" --user, --host, and --service are mandatory, others are optional.\n" +"\n" +" If --rules is specified simulate enabling of the specified rules and test\n" +" the login of the user using only these rules.\n" +"\n" +" If --enabled is specified, all enabled HBAC rules will be added to " +"simulation\n" +"\n" +" If --disabled is specified, all disabled HBAC rules will be added to " +"simulation\n" +"\n" +" If --nodetail is specified, do not return information about rules matched/" +"not matched.\n" +"\n" +" If both --rules and --enabled are specified, apply simulation to --rules " +"_and_\n" +" all IPA enabled rules.\n" +"\n" +" If no --rules specified, simulation is run against all IPA enabled rules.\n" +" By default there is a IPA-wide limit to number of entries fetched, you can " +"change it\n" +" with --sizelimit option.\n" +"\n" +"EXAMPLES:\n" +"\n" +" 1. Use all enabled HBAC rules in IPA database to simulate:\n" +" $ ipa hbactest --user=a1a --host=bar --service=sshd\n" +" --------------------\n" +" Access granted: True\n" +" --------------------\n" +" Not matched rules: my-second-rule\n" +" Not matched rules: my-third-rule\n" +" Not matched rules: myrule\n" +" Matched rules: allow_all\n" +"\n" +" 2. Disable detailed summary of how rules were applied:\n" +" $ ipa hbactest --user=a1a --host=bar --service=sshd --nodetail\n" +" --------------------\n" +" Access granted: True\n" +" --------------------\n" +"\n" +" 3. Test explicitly specified HBAC rules:\n" +" $ ipa hbactest --user=a1a --host=bar --service=sshd \\\\\n" +" --rules=myrule --rules=my-second-rule\n" +" ---------------------\n" +" Access granted: False\n" +" ---------------------\n" +" Not matched rules: my-second-rule\n" +" Not matched rules: myrule\n" +"\n" +" 4. Use all enabled HBAC rules in IPA database + explicitly specified " +"rules:\n" +" $ ipa hbactest --user=a1a --host=bar --service=sshd \\\\\n" +" --rules=myrule --rules=my-second-rule --enabled\n" +" --------------------\n" +" Access granted: True\n" +" --------------------\n" +" Not matched rules: my-second-rule\n" +" Not matched rules: my-third-rule\n" +" Not matched rules: myrule\n" +" Matched rules: allow_all\n" +"\n" +" 5. Test all disabled HBAC rules in IPA database:\n" +" $ ipa hbactest --user=a1a --host=bar --service=sshd --disabled\n" +" ---------------------\n" +" Access granted: False\n" +" ---------------------\n" +" Not matched rules: new-rule\n" +"\n" +" 6. Test all disabled HBAC rules in IPA database + explicitly specified " +"rules:\n" +" $ ipa hbactest --user=a1a --host=bar --service=sshd \\\\\n" +" --rules=myrule --rules=my-second-rule --disabled\n" +" ---------------------\n" +" Access granted: False\n" +" ---------------------\n" +" Not matched rules: my-second-rule\n" +" Not matched rules: my-third-rule\n" +" Not matched rules: myrule\n" +"\n" +" 7. Test all (enabled and disabled) HBAC rules in IPA database:\n" +" $ ipa hbactest --user=a1a --host=bar --service=sshd \\\\\n" +" --enabled --disabled\n" +" --------------------\n" +" Access granted: True\n" +" --------------------\n" +" Not matched rules: my-second-rule\n" +" Not matched rules: my-third-rule\n" +" Not matched rules: myrule\n" +" Not matched rules: new-rule\n" +" Matched rules: allow_all\n" +"\n" +"\n" +"HBACTEST AND TRUSTED DOMAINS\n" +"\n" +"When an external trusted domain is configured in IPA, HBAC rules are also " +"applied\n" +"on users accessing IPA resources from the trusted domain. Trusted domain " +"users and\n" +"groups (and their SIDs) can be then assigned to external groups which can " +"be\n" +"members of POSIX groups in IPA which can be used in HBAC rules and thus " +"allowing\n" +"access to resources protected by the HBAC system.\n" +"\n" +"hbactest plugin is capable of testing access for both local IPA users and " +"users\n" +"from the trusted domains, either by a fully qualified user name or by user " +"SID.\n" +"Such user names need to have a trusted domain specified as a short name\n" +"(DOMAIN\\Administrator) or with a user principal name (UPN), " +"Administrator@ad.test.\n" +"\n" +"Please note that hbactest executed with a trusted domain user as --user " +"parameter\n" +"can be only run by members of \"trust admins\" group.\n" +"\n" +"EXAMPLES:\n" +"\n" +" 1. Test if a user from a trusted domain specified by its shortname " +"matches any\n" +" rule:\n" +"\n" +" $ ipa hbactest --user 'DOMAIN\\Administrator' --host `hostname` --" +"service sshd\n" +" --------------------\n" +" Access granted: True\n" +" --------------------\n" +" Matched rules: allow_all\n" +" Matched rules: can_login\n" +"\n" +" 2. Test if a user from a trusted domain specified by its domain name " +"matches\n" +" any rule:\n" +"\n" +" $ ipa hbactest --user 'Administrator@domain.com' --host `hostname` --" +"service sshd\n" +" --------------------\n" +" Access granted: True\n" +" --------------------\n" +" Matched rules: allow_all\n" +" Matched rules: can_login\n" +"\n" +" 3. Test if a user from a trusted domain specified by its SID matches any " +"rule:\n" +"\n" +" $ ipa hbactest --user S-1-5-21-3035198329-144811719-1378114514-500 \\\\\n" +" --host `hostname` --service sshd\n" +" --------------------\n" +" Access granted: True\n" +" --------------------\n" +" Matched rules: allow_all\n" +" Matched rules: can_login\n" +"\n" +" 4. Test if other user from a trusted domain specified by its SID matches " +"any rule:\n" +"\n" +" $ ipa hbactest --user S-1-5-21-3035198329-144811719-1378114514-1203 \\" +"\\\n" +" --host `hostname` --service sshd\n" +" --------------------\n" +" Access granted: True\n" +" --------------------\n" +" Matched rules: allow_all\n" +" Not matched rules: can_login\n" +"\n" +" 5. Test if other user from a trusted domain specified by its shortname " +"matches\n" +" any rule:\n" +"\n" +" $ ipa hbactest --user 'DOMAIN\\Otheruser' --host `hostname` --service " +"sshd\n" +" --------------------\n" +" Access granted: True\n" +" --------------------\n" +" Matched rules: allow_all\n" +" Not matched rules: can_login\n" +msgstr "" + +#: ipaserver/plugins/hbactest.py:384 +msgid "Unresolved rules in --rules" +msgstr "" + +#: ipaserver/plugins/hbactest.py:408 ipaserver/plugins/trust.py:345 +msgid "" +"Cannot search in trusted domains without own domain configured. Make sure " +"you have run ipa-adtrust-install on the IPA server first" +msgstr "" + +#: ipaserver/plugins/hbactest.py:497 +#, python-format +msgid "Access granted: %s" +msgstr "" + +#: ipaserver/plugins/trust.py:83 +msgid "" +"\n" +"Cross-realm trusts\n" +"\n" +"Manage trust relationship between IPA and Active Directory domains.\n" +"\n" +"In order to allow users from a remote domain to access resources in IPA " +"domain,\n" +"trust relationship needs to be established. Currently IPA supports only " +"trusts\n" +"between IPA and Active Directory domains under control of Windows Server " +"2008\n" +"or later, with functional level 2008 or later.\n" +"\n" +"Please note that DNS on both IPA and Active Directory domain sides should " +"be\n" +"configured properly to discover each other. Trust relationship relies on\n" +"ability to discover special resources in the other domain via DNS records.\n" +"\n" +"Examples:\n" +"\n" +"1. Establish cross-realm trust with Active Directory using AD administrator\n" +" credentials:\n" +"\n" +" ipa trust-add --type=ad --admin --password\n" +"\n" +"2. List all existing trust relationships:\n" +"\n" +" ipa trust-find\n" +"\n" +"3. Show details of the specific trust relationship:\n" +"\n" +" ipa trust-show \n" +"\n" +"4. Delete existing trust relationship:\n" +"\n" +" ipa trust-del \n" +"\n" +"Once trust relationship is established, remote users will need to be mapped\n" +"to local POSIX groups in order to actually use IPA resources. The mapping\n" +"should be done via use of external membership of non-POSIX group and then\n" +"this group should be included into one of local POSIX groups.\n" +"\n" +"Example:\n" +"\n" +"1. Create group for the trusted domain admins' mapping and their local " +"POSIX\n" +"group:\n" +"\n" +" ipa group-add --desc=' admins external map' " +"ad_admins_external --external\n" +" ipa group-add --desc=' admins' ad_admins\n" +"\n" +"2. Add security identifier of Domain Admins of the to the\n" +" ad_admins_external group:\n" +"\n" +" ipa group-add-member ad_admins_external --external 'AD\\Domain Admins'\n" +"\n" +"3. Allow members of ad_admins_external group to be associated with\n" +" ad_admins POSIX group:\n" +"\n" +" ipa group-add-member ad_admins --groups ad_admins_external\n" +"\n" +"4. List members of external members of ad_admins_external group to see\n" +" their SIDs:\n" +"\n" +" ipa group-show ad_admins_external\n" +"\n" +"\n" +"GLOBAL TRUST CONFIGURATION\n" +"\n" +"When IPA AD trust subpackage is installed and ipa-adtrust-install is run, a\n" +"local domain configuration (SID, GUID, NetBIOS name) is generated. These\n" +"identifiers are then used when communicating with a trusted domain of the\n" +"particular type.\n" +"\n" +"1. Show global trust configuration for Active Directory type of trusts:\n" +"\n" +" ipa trustconfig-show --type ad\n" +"\n" +"2. Modify global configuration for all trusts of Active Directory type and " +"set\n" +" a different fallback primary group (fallback primary group GID is used as " +"a\n" +" primary user GID if user authenticating to IPA domain does not have any\n" +" other primary GID already set):\n" +"\n" +" ipa trustconfig-mod --type ad --fallback-primary-group \"another AD group" +"\"\n" +"\n" +"3. Change primary fallback group back to default hidden group (any group " +"with\n" +" posixGroup object class is allowed):\n" +"\n" +" ipa trustconfig-mod --type ad --fallback-primary-group \"Default SMB Group" "\"\n" msgstr "" -#: ipaserver/plugins/otptoken.py:60 +#: ipaserver/plugins/trust.py:226 +#, python-format +msgid "" +" Alternatively, following servers are capable of running this command: " +"%(masters)s" +msgstr "" + +#: ipaserver/plugins/trust.py:239 ipaserver/plugins/trust.py:871 +#: ipaserver/plugins/trust.py:887 ipaserver/plugins/trust.py:908 +#: ipaserver/plugins/trust.py:918 ipaserver/plugins/trust.py:1071 +#: ipaserver/plugins/trust.py:1106 +msgid "AD Trust setup" +msgstr "" + +#: ipaserver/plugins/trust.py:250 +msgid "" +"Cannot perform the selected command without Samba 4 support installed. Make " +"sure you have installed server-trust-ad sub-package of IPA." +msgstr "" + +#: ipaserver/plugins/trust.py:260 +msgid "" +"Cannot perform the selected command without Samba 4 instance configured on " +"this machine. Make sure you have run ipa-adtrust-install on this server." +msgstr "" + +#: ipaserver/plugins/trust.py:474 +msgid "" +"Fetching domains from trusted forest failed. See details in the error_log" +msgstr "" + +#: ipaserver/plugins/trust.py:487 +msgid "trust" +msgstr "" + +#: ipaserver/plugins/trust.py:488 +msgid "trusts" +msgstr "" + +#: ipaserver/plugins/trust.py:531 +msgid "Trust" +msgstr "" + +#: ipaserver/plugins/trust.py:549 +msgid "SID blocklist incoming" +msgstr "" + +#: ipaserver/plugins/trust.py:553 +msgid "SID blocklist outgoing" +msgstr "" + +#: ipaserver/plugins/trust.py:569 +msgid "UPN suffixes" +msgstr "" + +#: ipaserver/plugins/trust.py:586 +#, python-brace-format +msgid "invalid SID: {SID}" +msgstr "" + +#: ipaserver/plugins/trust.py:654 msgid "" "\n" -" Delete a token:\n" -" ipa otptoken-del a93db710-a31a-4639-8647-f15b2c70b78a\n" +"Add new trust to use.\n" +"\n" +"This command establishes trust relationship to another domain\n" +"which becomes 'trusted'. As result, users of the trusted domain\n" +"may access resources of this domain.\n" +"\n" +"Only trusts to Active Directory domains are supported right now.\n" +"\n" +"The command can be safely run multiple times against the same domain,\n" +"this will cause change to trust relationship credentials on both\n" +"sides.\n" +"\n" +"Note that if the command was previously run with a specific range type,\n" +"or with automatic detection of the range type, and you want to configure a\n" +"different range type, you may need to delete first the ID range using\n" +"ipa idrange-del before retrying the command with the desired range type.\n" +" " msgstr "" -#: ipaserver/plugins/otptoken.py:137 -msgid "OTP token" +#: ipaserver/plugins/trust.py:712 +msgid "Type of trusted domain ID range, one of allowed values" msgstr "" -#: ipaserver/plugins/otptoken.py:138 -msgid "OTP tokens" +#: ipaserver/plugins/trust.py:724 +msgid "External trust" msgstr "" -#: ipaserver/plugins/otptoken.py:154 -msgid "OTP Tokens" +#: ipaserver/plugins/trust.py:726 +msgid "" +"Establish external trust to a domain in another forest. The trust is not " +"transitive beyond the domain." msgstr "" -#: ipaserver/plugins/otptoken.py:155 -msgid "OTP Token" -msgstr "" - -#: ipaserver/plugins/otptoken.py:272 -msgid "URI" -msgstr "" - -#: ipaserver/plugins/otptoken.py:281 +#: ipaserver/plugins/trust.py:732 #, python-format -msgid "Added OTP token \"%(value)s\"" +msgid "Added Active Directory trust for realm \"%(value)s\"" msgstr "" -#: ipaserver/plugins/otptoken.py:335 -msgid "cannot be empty" -msgstr "" - -#: ipaserver/plugins/otptoken.py:367 +#: ipaserver/plugins/trust.py:733 #, python-format -msgid "Deleted OTP token \"%(value)s\"" +msgid "Re-established trust to domain \"%(value)s\"" msgstr "" -#: ipaserver/plugins/otptoken.py:373 -#, python-format -msgid "Modified OTP token \"%(value)s\"" +#: ipaserver/plugins/trust.py:829 +msgid "missing base_id" msgstr "" -#: ipaserver/plugins/otptoken.py:422 +#: ipaserver/plugins/trust.py:831 +msgid "pysss_murmur is not available on the server and no base-id is given." +msgstr "" + +#: ipaserver/plugins/trust.py:841 +msgid "trust type" +msgstr "" + +#: ipaserver/plugins/trust.py:842 +msgid "only \"ad\" is supported" +msgstr "" + +#: ipaserver/plugins/trust.py:849 +msgid "" +"Cannot establish a trust to AD deployed in the same domain as IPA. Such " +"setup is not supported." +msgstr "" + +#: ipaserver/plugins/trust.py:862 +msgid "Realm-domain mismatch" +msgstr "" + +#: ipaserver/plugins/trust.py:863 +msgid "" +"To establish trust with Active Directory, the domain name and the realm name " +"of the IPA server must match" +msgstr "" + +#: ipaserver/plugins/trust.py:889 #, python-format -msgid "%(count)d OTP token matched" -msgid_plural "%(count)d OTP tokens matched" +msgid "" +"Trusted domain %(domain)s is included among IPA realm domains. It needs to " +"be removed prior to establishing the trust. See the \"ipa realmdomains-mod --" +"del-domain\" command." +msgstr "" + +#: ipaserver/plugins/trust.py:910 +msgid "Trusted domain and administrator account use different realms" +msgstr "" + +#: ipaserver/plugins/trust.py:919 +msgid "Realm administrator password should be specified" +msgstr "" + +#: ipaserver/plugins/trust.py:940 +msgid "id range type" +msgstr "" + +#: ipaserver/plugins/trust.py:942 +msgid "" +"Only the ipa-ad-trust and ipa-ad-trust-posix are allowed values for --range-" +"type when adding an AD trust." +msgstr "" + +#: ipaserver/plugins/trust.py:952 +msgid "id range" +msgstr "" + +#: ipaserver/plugins/trust.py:954 +msgid "" +"An id range already exists for this trust. You should either delete the old " +"range, or exclude --base-id/--range-size options from the command." +msgstr "" + +#: ipaserver/plugins/trust.py:976 +msgid "range exists" +msgstr "" + +#: ipaserver/plugins/trust.py:978 +msgid "" +"ID range with the same name but different domain SID already exists. The ID " +"range for the new trusted domain must be created manually." +msgstr "" + +#: ipaserver/plugins/trust.py:986 +msgid "range type change" +msgstr "" + +#: ipaserver/plugins/trust.py:987 +msgid "" +"ID range for the trusted domain already exists, but it has a different type. " +"Please remove the old range manually, or do not enforce type via --range-" +"type option." +msgstr "" + +#: ipaserver/plugins/trust.py:1025 +#, python-brace-format +msgid "Unable to resolve domain controller for {domain} domain. " +msgstr "" + +#: ipaserver/plugins/trust.py:1039 +msgid "" +"Forward policy is defined for it in IPA DNS, perhaps forwarder points to " +"incorrect host?" +msgstr "" + +#: ipaserver/plugins/trust.py:1045 +#, python-brace-format +msgid "" +"IPA manages DNS, please verify your DNS configuration and make sure that " +"service records of the '{domain}' domain can be resolved. Examples how to " +"configure DNS with CLI commands or the Web UI can be found in the " +"documentation. " +msgstr "" + +#: ipaserver/plugins/trust.py:1057 +#, python-brace-format +msgid "" +"Since IPA does not manage DNS records, ensure DNS is configured to resolve " +"'{domain}' domain from IPA hosts and back." +msgstr "" + +#: ipaserver/plugins/trust.py:1072 +msgid "Unable to verify write permissions to the AD" +msgstr "" + +#: ipaserver/plugins/trust.py:1107 +msgid "Not enough arguments specified to perform trust setup" +msgstr "" + +#: ipaserver/plugins/trust.py:1115 +#, python-format +msgid "Deleted trust \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/trust.py:1120 +msgid "" +"\n" +" Modify a trust (for future use).\n" +"\n" +" Currently only the default option to modify the LDAP attributes is\n" +" available. More specific options will be added in coming releases.\n" +" " +msgstr "" + +#: ipaserver/plugins/trust.py:1127 +#, python-format +msgid "Modified trust \"%(value)s\" (change will be effective in 60 seconds)" +msgstr "" + +#: ipaserver/plugins/trust.py:1145 +#, python-format +msgid "%(count)d trust matched" +msgid_plural "%(count)d trusts matched" msgstr[0] "" msgstr[1] "" -#: ipaserver/plugins/permission.py:40 -msgid "" -"\n" -"Permissions\n" +#: ipaserver/plugins/trust.py:1234 +msgid "trust configuration" msgstr "" -#: ipaserver/plugins/permission.py:42 -msgid "" -"\n" -"A permission enables fine-grained delegation of rights. A permission is\n" -"a human-readable wrapper around a 389-ds Access Control Rule,\n" -"or instruction (ACI).\n" -"A permission grants the right to perform a specific task such as adding a\n" -"user, modifying a group, etc.\n" +#: ipaserver/plugins/trust.py:1240 ipaserver/plugins/trust.py:1241 +msgid "Global Trust Configuration" msgstr "" -#: ipaserver/plugins/permission.py:48 -msgid "" -"\n" -"A permission may not contain other permissions.\n" +#: ipaserver/plugins/trust.py:1266 +msgid "IPA AD trust agents" msgstr "" -#: ipaserver/plugins/permission.py:50 -msgid "" -"\n" -"* A permission grants access to read, write, add, delete, read, search,\n" -" or compare.\n" -"* A privilege combines similar permissions (for example all the permissions\n" -" needed to add a user).\n" -"* A role grants a set of privileges to users, groups, hosts or hostgroups.\n" +#: ipaserver/plugins/trust.py:1267 +msgid "IPA servers configured as AD trust agents" msgstr "" -#: ipaserver/plugins/permission.py:56 -msgid "" -"\n" -"A permission is made up of a number of different parts:\n" -"\n" -"1. The name of the permission.\n" -"2. The target of the permission.\n" -"3. The rights granted by the permission.\n" +#: ipaserver/plugins/trust.py:1272 +msgid "IPA AD trust controllers" msgstr "" -#: ipaserver/plugins/permission.py:62 -msgid "" -"\n" -"Rights define what operations are allowed, and may be one or more\n" -"of the following:\n" -"1. write - write one or more attributes\n" -"2. read - read one or more attributes\n" -"3. search - search on one or more attributes\n" -"4. compare - compare one or more attributes\n" -"5. add - add a new entry to the tree\n" -"6. delete - delete an existing entry\n" -"7. all - all permissions are granted\n" +#: ipaserver/plugins/trust.py:1273 +msgid "IPA servers configured as AD trust controllers" msgstr "" -#: ipaserver/plugins/permission.py:72 -msgid "" -"\n" -"Note the distinction between attributes and entries. The permissions are\n" -"independent, so being able to add a user does not mean that the user will\n" -"be editable.\n" +#: ipaserver/plugins/trust.py:1287 +msgid "unsupported trust type" msgstr "" -#: ipaserver/plugins/permission.py:76 -msgid "" -"\n" -"There are a number of allowed targets:\n" -"1. subtree: a DN; the permission applies to the subtree under this DN\n" -"2. target filter: an LDAP filter\n" -"3. target: DN with possible wildcards, specifies entries permission applies " -"to\n" -msgstr "" - -#: ipaserver/plugins/permission.py:81 -msgid "" -"\n" -"Additionally, there are the following convenience options.\n" -"Setting one of these options will set the corresponding attribute(s).\n" -"1. type: a type of object (user, group, etc); sets subtree and target " -"filter.\n" -"2. memberof: apply to members of a group; sets target filter\n" -"3. targetgroup: grant access to modify a specific group (such as granting\n" -" the rights to manage group membership); sets target.\n" -msgstr "" - -#: ipaserver/plugins/permission.py:88 -msgid "" -"\n" -"Managed permissions\n" -msgstr "" - -#: ipaserver/plugins/permission.py:90 -msgid "" -"\n" -"Permissions that come with IPA by default can be so-called \"managed\"\n" -"permissions. These have a default set of attributes they apply to,\n" -"but the administrator can add/remove individual attributes to/from the set.\n" -msgstr "" - -#: ipaserver/plugins/permission.py:94 -msgid "" -"\n" -"Deleting or renaming a managed permission, as well as changing its target,\n" -"is not allowed.\n" -msgstr "" - -#: ipaserver/plugins/permission.py:99 -msgid "" -"\n" -" Add a permission that grants the creation of users:\n" -" ipa permission-add --type=user --permissions=add \"Add Users\"\n" -msgstr "" - -#: ipaserver/plugins/permission.py:102 -msgid "" -"\n" -" Add a permission that grants the ability to manage group membership:\n" -" ipa permission-add --attrs=member --permissions=write --type=group " -"\"Manage Group Members\"\n" -msgstr "" - -#: ipaserver/plugins/permission.py:129 -msgid "must be enclosed in parentheses" -msgstr "" - -#: ipaserver/plugins/permission.py:149 +#: ipaserver/plugins/trust.py:1354 #, python-format -msgid "\"%s\" is not an object type" +msgid "Modified \"%(value)s\" trust configuration" msgstr "" -#: ipaserver/plugins/permission.py:151 ipaserver/plugins/permission.py:897 -#, python-format -msgid "\"%s\" is not a valid permission type" +#: ipaserver/plugins/trust.py:1419 +msgid "SID" msgstr "" -#: ipaserver/plugins/permission.py:353 -#, python-format -msgid "Deprecated; use %s" +#: ipaserver/plugins/trust.py:1545 +msgid "sidgen_was_run" msgstr "" -#: ipaserver/plugins/permission.py:370 -#, python-format -msgid "Permission with unknown flag %s may not be modified or removed" -msgstr "" - -#: ipaserver/plugins/permission.py:374 -msgid "A SYSTEM permission may not be modified or removed" -msgstr "" - -#: ipaserver/plugins/permission.py:624 -#, python-format -msgid "Entry %s not found" -msgstr "" - -#: ipaserver/plugins/permission.py:716 -#, python-format -msgid "The ACI for permission %(name)s was not found in %(dn)s " -msgstr "" - -#: ipaserver/plugins/permission.py:820 +#: ipaserver/plugins/trust.py:1547 msgid "" -"cannot specify full target filter and extra target filter simultaneously" +"This command relies on the existence of the \"editors\" group, but this " +"group was not found." msgstr "" -#: ipaserver/plugins/permission.py:843 +#: ipaserver/plugins/trust.py:1566 +msgid "trust domain" +msgstr "" + +#: ipaserver/plugins/trust.py:1567 +msgid "trust domains" +msgstr "" + +#: ipaserver/plugins/trust.py:1575 +msgid "Trusted domains" +msgstr "" + +#: ipaserver/plugins/trust.py:1576 +msgid "Trusted domain" +msgstr "" + +#: ipaserver/plugins/trust.py:1590 +msgid "Domain enabled" +msgstr "" + +#: ipaserver/plugins/trust.py:1662 #, python-format -msgid "option was renamed; use %s" +msgid "Removed information about the trusted domain \"%(value)s\"" msgstr "" -#: ipaserver/plugins/permission.py:847 -#, python-format -msgid "Cannot use %(old_name)s with %(new_name)s" -msgstr "" - -#: ipaserver/plugins/permission.py:861 ipaserver/plugins/permission.py:876 -#, python-format -msgid "%s: group not found" -msgstr "" - -#: ipaserver/plugins/permission.py:871 -msgid "target and targetgroup are mutually exclusive" -msgstr "" - -#: ipaserver/plugins/permission.py:892 -msgid "subtree and type are mutually exclusive" -msgstr "" - -#: ipaserver/plugins/permission.py:930 -msgid "Bad search filter" -msgstr "" - -#: ipaserver/plugins/permission.py:940 -#, python-format -msgid "Entry %s does not exist" -msgstr "" - -#: ipaserver/plugins/permission.py:949 +#: ipaserver/plugins/trust.py:1680 msgid "" -"there must be at least one target entry specifier (e.g. target, " -"targetfilter, attrs)" +"cannot delete root domain of the trust, use trust-del to delete the trust " +"itself" msgstr "" -#: ipaserver/plugins/permission.py:961 ipaserver/plugins/permission.py:989 +#: ipaserver/plugins/trust.py:1831 +msgid "" +"List of trust domains successfully refreshed. Use trustdomain-find command " +"to list them." +msgstr "" + +#: ipaserver/plugins/trust.py:1839 +msgid "Configure this server as a trust agent." +msgstr "" + +#: ipaserver/plugins/trust.py:1855 +msgid "Enable support for trusted domains for old clients" +msgstr "" + +#: ipaserver/plugins/trust.py:1871 +msgid "not allowed to remotely add agent" +msgstr "" + +#: ipaserver/plugins/trust.py:1907 #, python-format -msgid "Added permission \"%(value)s\"" +msgid "Enabled trust domain \"%(value)s\"" msgstr "" -#: ipaserver/plugins/permission.py:1014 -msgid "attrs and included attributes are mutually exclusive" +#: ipaserver/plugins/trust.py:1916 +msgid "Root domain of the trust is always enabled for the existing trust" msgstr "" -#: ipaserver/plugins/permission.py:1046 +#: ipaserver/plugins/trust.py:1949 #, python-format -msgid "Cannot store permission ACI to %s" +msgid "Disabled trust domain \"%(value)s\"" msgstr "" -#: ipaserver/plugins/permission.py:1057 +#: ipaserver/plugins/trust.py:1958 +msgid "" +"cannot disable root domain of the trust, use trust-del to delete the trust " +"itself" +msgstr "" + +#: ipaserver/plugins/virtual.py:57 +msgid "operation not defined" +msgstr "" + +#: ipaserver/plugins/virtual.py:82 #, python-format -msgid "Deleted permission \"%(value)s\"" +msgid "not allowed to perform operation: %s" msgstr "" -#: ipaserver/plugins/permission.py:1077 -msgid "cannot delete managed permissions" +#: ipaserver/plugins/virtual.py:84 +msgid "No such virtual command" msgstr "" -#: ipaserver/plugins/permission.py:1083 -#, python-format -msgid "ACI of permission %s was not found" -msgstr "" - -#: ipaserver/plugins/permission.py:1092 -#, python-format -msgid "Modified permission \"%(value)s\"" -msgstr "" - -#: ipaserver/plugins/permission.py:1125 -msgid "cannot rename managed permissions" -msgstr "" - -#: ipaserver/plugins/permission.py:1132 ipaserver/plugins/permission.py:1136 -msgid "not modifiable on managed permissions" -msgstr "" - -#: ipaserver/plugins/permission.py:1143 -msgid "only available on managed permissions" -msgstr "" - -#: ipaserver/plugins/permission.py:1150 ipaserver/plugins/permission.py:1269 -msgid "attrs and included/excluded attributes are mutually exclusive" -msgstr "" - -#: ipaserver/plugins/permission.py:1161 -msgid "cannot set bindtype for a permission that is assigned to a privilege" -msgstr "" - -#: ipaserver/plugins/permission.py:1258 -#, python-format -msgid "%(count)d permission matched" -msgid_plural "%(count)d permissions matched" -msgstr[0] "" -msgstr[1] "" - -#: ipaserver/plugins/dogtag.py:1243 -msgid "REST API is not logged in." -msgstr "" - -#: ipaserver/plugins/dogtag.py:1265 -#, python-format -msgid "Non-2xx response from CA REST API: %(status)d. %(explanation)s" -msgstr "" - -#: ipaserver/plugins/dogtag.py:1291 -msgid "Unable to communicate with CMS" -msgstr "" - -#: ipaserver/plugins/dogtag.py:1481 ipaserver/plugins/dogtag.py:1567 -#: ipaserver/plugins/dogtag.py:2073 ipaserver/plugins/dogtag.py:2083 -msgid "Response from CA was not valid JSON" -msgstr "" - -#: ipaserver/plugins/sudorule.py:42 +#: ipaserver/plugins/baseuser.py:57 msgid "" "\n" -"Sudo Rules\n" -msgstr "" - -#: ipaserver/plugins/sudorule.py:44 -msgid "" +"Baseuser\n" "\n" -"Sudo (su \"do\") allows a system administrator to delegate authority to\n" -"give certain users (or groups of users) the ability to run some (or all)\n" -"commands as root or another user while providing an audit trail of the\n" -"commands and their arguments.\n" +"This contains common definitions for user/stageuser\n" msgstr "" -#: ipaserver/plugins/sudorule.py:49 +#: ipaserver/plugins/baseuser.py:88 +msgid "must be TRUE or FALSE" +msgstr "" + +#: ipaserver/plugins/baseuser.py:145 msgid "" -"\n" -"FreeIPA provides a means to configure the various aspects of Sudo:\n" -" Users: The user(s)/group(s) allowed to invoke Sudo.\n" -" Hosts: The host(s)/hostgroup(s) which the user is allowed to to invoke " -"Sudo.\n" -" Allow Command: The specific command(s) permitted to be run via Sudo.\n" -" Deny Command: The specific command(s) prohibited to be run via Sudo.\n" -" RunAsUser: The user(s) or group(s) of users whose rights Sudo will be " -"invoked with.\n" -" RunAsGroup: The group(s) whose gid rights Sudo will be invoked with.\n" -" Options: The various Sudoers Options that can modify Sudo's behavior.\n" +"Object class ipaNTUserAttrs is missing, user entry cannot have SMB " +"attributes." msgstr "" -#: ipaserver/plugins/sudorule.py:58 -msgid "" -"\n" -"An order can be added to a sudorule to control the order in which they\n" -"are evaluated (if the client supports it). This order is an integer and\n" -"must be unique.\n" +#: ipaserver/plugins/baseuser.py:269 +msgid "User password expiration" msgstr "" -#: ipaserver/plugins/sudorule.py:62 -msgid "" -"\n" -"FreeIPA provides a designated binddn to use with Sudo located at:\n" -"uid=sudo,cn=sysaccounts,cn=etc,dc=example,dc=com\n" +#: ipaserver/plugins/baseuser.py:410 +msgid "SMB logon script path" msgstr "" -#: ipaserver/plugins/sudorule.py:65 -msgid "" -"\n" -"To enable the binddn run the following command to set the password:\n" -"LDAPTLS_CACERT=/etc/ipa/ca.crt /usr/bin/ldappasswd -S -W -h ipa.example.com -" -"ZZ -D \"cn=Directory Manager\" uid=sudo,cn=sysaccounts,cn=etc,dc=example," -"dc=com\n" +#: ipaserver/plugins/baseuser.py:415 +msgid "SMB profile path" msgstr "" -#: ipaserver/plugins/sudorule.py:72 -msgid "" -"\n" -" Create a new rule:\n" -" ipa sudorule-add readfiles\n" +#: ipaserver/plugins/baseuser.py:420 +msgid "SMB Home Directory" msgstr "" -#: ipaserver/plugins/sudorule.py:75 -msgid "" -"\n" -" Add sudo command object and add it as allowed command in the rule:\n" -" ipa sudocmd-add /usr/bin/less\n" -" ipa sudorule-add-allow-command readfiles --sudocmds /usr/bin/less\n" +#: ipaserver/plugins/baseuser.py:425 +msgid "SMB Home Directory Drive" msgstr "" -#: ipaserver/plugins/sudorule.py:79 -msgid "" -"\n" -" Add a host to the rule:\n" -" ipa sudorule-add-host readfiles --hosts server.example.com\n" -msgstr "" - -#: ipaserver/plugins/sudorule.py:82 -msgid "" -"\n" -" Add a user to the rule:\n" -" ipa sudorule-add-user readfiles --users jsmith\n" -msgstr "" - -#: ipaserver/plugins/sudorule.py:85 -msgid "" -"\n" -" Add a special Sudo rule for default Sudo server configuration:\n" -" ipa sudorule-add defaults\n" -msgstr "" - -#: ipaserver/plugins/sudorule.py:88 -msgid "" -"\n" -" Set a default Sudo option:\n" -" ipa sudorule-add-option defaults --sudooption '!authenticate'\n" -msgstr "" - -#: ipaserver/plugins/sudorule.py:91 -msgid "" -"\n" -" Set SELinux type and role transitions on a rule:\n" -" ipa sudorule-add-option sysadmin_sudo --sudooption type=unconfined_t\n" -" ipa sudorule-add-option sysadmin_sudo --sudooption role=unconfined_r\n" -msgstr "" - -#: ipaserver/plugins/sudorule.py:105 -msgid "this option has been deprecated." -msgstr "" - -#: ipaserver/plugins/sudorule.py:133 -msgid "sudo rules" -msgstr "" - -#: ipaserver/plugins/sudorule.py:221 -msgid "Sudo Rules" -msgstr "" - -#: ipaserver/plugins/sudorule.py:222 -msgid "Sudo Rule" -msgstr "" - -#: ipaserver/plugins/sudorule.py:357 +#: ipaserver/plugins/baseuser.py:449 ipaserver/plugins/baseuser.py:453 #, python-format -msgid "order must be a unique value (%(order)d already used by %(rule)s)" +msgid "invalid e-mail format: %(email)s" msgstr "" -#: ipaserver/plugins/sudorule.py:388 +#: ipaserver/plugins/baseuser.py:480 #, python-format -msgid "Added Sudo Rule \"%(value)s\"" +msgid "manager %(manager)s not found" msgstr "" -#: ipaserver/plugins/sudorule.py:395 +#: ipaserver/plugins/baseuser.py:825 +msgid "Issuer of the certificate" +msgstr "" + +#: ipaserver/plugins/baseuser.py:832 +msgid "Subject of the certificate" +msgstr "" + +#: ipaserver/plugins/baseuser.py:877 +msgid "cannot have an empty subject" +msgstr "" + +#: ipaserver/plugins/baseuser.py:917 +msgid "cannot specify both subject/issuer and certificate" +msgstr "" + +#: ipaserver/plugins/baseuser.py:921 +msgid "cannot specify both subject/issuer and ipacertmapdata" +msgstr "" + +#: ipaserver/plugins/baseuser.py:945 ipaserver/plugins/user.py:1280 +msgid "Add one or more certificate mappings to the user entry." +msgstr "" + +#: ipaserver/plugins/baseuser.py:946 #, python-format -msgid "Deleted Sudo Rule \"%(value)s\"" +msgid "Added certificate mappings to user \"%(value)s\"" msgstr "" -#: ipaserver/plugins/sudorule.py:402 +#: ipaserver/plugins/baseuser.py:964 ipaserver/plugins/user.py:1285 +msgid "Remove one or more certificate mappings from the user entry." +msgstr "" + +#: ipaserver/plugins/baseuser.py:965 #, python-format -msgid "Modified Sudo Rule \"%(value)s\"" +msgid "Removed certificate mappings from user \"%(value)s\"" msgstr "" -#: ipaserver/plugins/sudorule.py:422 -#, python-format -msgid "" -"%(type)s category cannot be set to 'all' while there are allowed %(objects)s" -msgstr "" - -#: ipaserver/plugins/sudorule.py:438 -msgid "command" -msgstr "" - -#: ipaserver/plugins/sudorule.py:438 -msgid "commands" -msgstr "" - -#: ipaserver/plugins/sudorule.py:444 -msgid "runAs user" -msgstr "" - -#: ipaserver/plugins/sudorule.py:444 -msgid "runAs users" -msgstr "" - -#: ipaserver/plugins/sudorule.py:449 -msgid "group runAs" -msgstr "" - -#: ipaserver/plugins/sudorule.py:449 -msgid "runAs groups" -msgstr "" - -#: ipaserver/plugins/sudorule.py:470 -#, python-format -msgid "%(count)d Sudo Rule matched" -msgid_plural "%(count)d Sudo Rules matched" -msgstr[0] "" -msgstr[1] "" - -#: ipaserver/plugins/sudorule.py:542 -msgid "commands cannot be added when command category='all'" -msgstr "" - -#: ipaserver/plugins/sudorule.py:755 ipaserver/plugins/sudorule.py:868 -msgid "users cannot be added when runAs user or runAs group category='all'" -msgstr "" - -#: ipaserver/plugins/sudorule.py:762 -#, python-format -msgid "RunAsUser does not accept '%(name)s' as a user name" -msgstr "" - -#: ipaserver/plugins/sudorule.py:770 -#, python-format -msgid "RunAsUser does not accept '%(name)s' as a group name" -msgstr "" - -#: ipaserver/plugins/sudorule.py:875 -#, python-format -msgid "RunAsGroup does not accept '%(name)s' as a group name" -msgstr "" - -#: ipaserver/plugins/host.py:74 +#: ipaserver/plugins/batch.py:35 msgid "" "\n" -"Hosts/Machines\n" +"Plugin to make multiple ipa calls via one remote procedure call\n" +"\n" +"To run this code in the lite-server\n" +"\n" +"curl -H \"Content-Type:application/json\" -H \"Accept:application/" +"json\" -H \"Accept-Language:en\" --negotiate -u : --cacert /" +"etc/ipa/ca.crt -d @batch_request.json -X POST http://" +"localhost:8888/ipa/json\n" +"\n" +"where the contents of the file batch_request.json follow the below example\n" +"\n" +"{\"method\":\"batch\",\"params\":[[\n" +" {\"method\":\"group_find\",\"params\":[[],{}]},\n" +" {\"method\":\"user_find\",\"params\":[[],{\"whoami\":\"true\",\"all" +"\":\"true\"}]},\n" +" {\"method\":\"user_show\",\"params\":[[\"admin\"],{\"all\":true}]}\n" +" ],{}],\"id\":1}\n" +"\n" +"The format of the response is nested the same way. At the top you will see\n" +" \"error\": null,\n" +" \"id\": 1,\n" +" \"result\": {\n" +" \"count\": 3,\n" +" \"results\": [\n" +"\n" +"\n" +"And then a nested response for each IPA command method sent in the request\n" "\n" -"A host represents a machine. It can be used in a number of contexts:\n" -"- service entries are associated with a host\n" -"- a host stores the host/ service principal\n" -"- a host can be used in Host-based Access Control (HBAC) rules\n" -"- every enrolled client generates a host entry\n" msgstr "" -#: ipaserver/plugins/host.py:82 -msgid "" -"\n" -"ENROLLMENT:\n" -"\n" -"There are three enrollment scenarios when enrolling a new client:\n" -"\n" -"1. You are enrolling as a full administrator. The host entry may exist\n" -" or not. A full administrator is a member of the hostadmin role\n" -" or the admins group.\n" -"2. You are enrolling as a limited administrator. The host must already\n" -" exist. A limited administrator is a member a role with the\n" -" Host Enrollment privilege.\n" -"3. The host has been created with a one-time password.\n" +#: ipaserver/plugins/batch.py:71 +msgid "Make multiple ipa calls via one remote procedure call" msgstr "" -#: ipaserver/plugins/host.py:94 -msgid "" -"\n" -"RE-ENROLLMENT:\n" -"\n" -"Host that has been enrolled at some point, and lost its configuration (e.g. " -"VM\n" -"destroyed) can be re-enrolled.\n" -"\n" -"For more information, consult the manual pages for ipa-client-install.\n" -"\n" -"A host can optionally store information such as where it is located,\n" -"the OS that it runs, etc.\n" +#: ipaserver/plugins/batch.py:122 +msgid "must contain a tuple (list, dict)" msgstr "" -#: ipaserver/plugins/host.py:106 -msgid "" -"\n" -" Add a new host:\n" -" ipa host-add --location=\"3rd floor lab\" --locality=Dallas test.example." -"com\n" -msgstr "" - -#: ipaserver/plugins/host.py:109 -msgid "" -"\n" -" Delete a host:\n" -" ipa host-del test.example.com\n" -msgstr "" - -#: ipaserver/plugins/host.py:112 -msgid "" -"\n" -" Add a new host with a one-time password:\n" -" ipa host-add --os='Fedora 12' --password=Secret123 test.example.com\n" -msgstr "" - -#: ipaserver/plugins/host.py:115 -msgid "" -"\n" -" Add a new host with a random one-time password:\n" -" ipa host-add --os='Fedora 12' --random test.example.com\n" -msgstr "" - -#: ipaserver/plugins/host.py:118 -msgid "" -"\n" -" Modify information about a host:\n" -" ipa host-mod --os='Fedora 12' test.example.com\n" -msgstr "" - -#: ipaserver/plugins/host.py:121 -msgid "" -"\n" -" Remove SSH public keys of a host and update DNS to reflect this change:\n" -" ipa host-mod --sshpubkey= --updatedns test.example.com\n" -msgstr "" - -#: ipaserver/plugins/host.py:124 -msgid "" -"\n" -" Disable the host Kerberos key, SSL certificate and all of its services:\n" -" ipa host-disable test.example.com\n" -msgstr "" - -#: ipaserver/plugins/host.py:127 -msgid "" -"\n" -" Add a host that can manage this host's keytab and certificate:\n" -" ipa host-add-managedby --hosts=test2 test\n" -msgstr "" - -#: ipaserver/plugins/host.py:130 -msgid "" -"\n" -" Allow user to create a keytab:\n" -" ipa host-allow-create-keytab test2 --users=tuser1\n" -msgstr "" - -#: ipaserver/plugins/host.py:503 -msgid "Base-64 encoded host certificate" -msgstr "" - -#: ipaserver/plugins/host.py:657 +#: ipaserver/plugins/user.py:492 #, python-format -msgid "Added host \"%(value)s\"" +msgid "Added user \"%(value)s\"" msgstr "" -#: ipaserver/plugins/host.py:779 +#: ipaserver/plugins/user.py:591 +msgid "Default group for new users is not POSIX" +msgstr "" + +#: ipaserver/plugins/user.py:680 #, python-format -msgid "Deleted host \"%(value)s\"" +msgid "Deleted user \"%(value)s\"" msgstr "" -#: ipaserver/plugins/host.py:784 -msgid "Remove A, AAAA, SSHFP and PTR records of the host(s) managed by IPA DNS" -msgstr "" - -#: ipaserver/plugins/host.py:863 -msgid "No A, AAAA, SSHFP or PTR records found." -msgstr "" - -#: ipaserver/plugins/host.py:879 +#: ipaserver/plugins/user.py:698 #, python-format -msgid "Modified host \"%(value)s\"" +msgid "%s: user is already preserved" msgstr "" -#: ipaserver/plugins/host.py:899 -msgid "Password cannot be set on enrolled host." -msgstr "" - -#: ipaserver/plugins/host.py:903 -msgid "cn is immutable" -msgstr "" - -#: ipaserver/plugins/host.py:1027 +#: ipaserver/plugins/user.py:809 #, python-format -msgid "%(count)d host matched" -msgid_plural "%(count)d hosts matched" -msgstr[0] "" -msgstr[1] "" +msgid "Modified user \"%(value)s\"" +msgstr "" -#: ipaserver/plugins/host.py:1182 +#: ipaserver/plugins/user.py:920 #, python-format -msgid "Disabled host \"%(value)s\"" +msgid "Undeleted user account \"%(value)s\"" msgstr "" -#: ipaserver/plugins/host.py:1357 +#: ipaserver/plugins/user.py:934 #, python-format -msgid "Added certificates to host \"%(value)s\"" +msgid "user \"%s\" is already active" msgstr "" -#: ipaserver/plugins/host.py:1364 +#: ipaserver/plugins/user.py:965 #, python-format -msgid "Removed certificates from host \"%(value)s\"" +msgid "Staged user account \"%(value)s\"" msgstr "" -#: ipaserver/plugins/host.py:1380 -msgid "Add new principal alias to host entry" -msgstr "" - -#: ipaserver/plugins/host.py:1381 +#: ipaserver/plugins/user.py:1059 #, python-format -msgid "Added new aliases to host \"%(value)s\"" +msgid "Disabled user account \"%(value)s\"" msgstr "" -#: ipaserver/plugins/host.py:1392 -msgid "Remove principal alias from a host entry" -msgstr "" - -#: ipaserver/plugins/host.py:1393 +#: ipaserver/plugins/user.py:1081 #, python-format -msgid "Removed aliases from host \"%(value)s\"" +msgid "Enabled user account \"%(value)s\"" msgstr "" -#: ipaserver/rpcserver.py:533 -msgid "Request must be a dict" +#: ipaserver/plugins/user.py:1098 +msgid "" +"\n" +" Unlock a user account\n" +"\n" +" An account may become locked if the password is entered incorrectly too\n" +" many times within a specific time period as controlled by password\n" +" policy. A locked account is a temporary condition and may be unlocked " +"by\n" +" an administrator." msgstr "" -#: ipaserver/rpcserver.py:535 -msgid "Request is missing \"method\"" +#: ipaserver/plugins/user.py:1107 +#, python-format +msgid "Unlocked account \"%(value)s\"" msgstr "" -#: ipaserver/rpcserver.py:537 -msgid "Request is missing \"params\"" +#: ipaserver/plugins/user.py:1139 +msgid "Failed logins" msgstr "" -#: ipaserver/rpcserver.py:542 -msgid "params must be a list" +#: ipaserver/plugins/user.py:1143 +msgid "Last successful authentication" msgstr "" -#: ipaserver/rpcserver.py:544 -msgid "params must contain [args, options]" +#: ipaserver/plugins/user.py:1147 +msgid "Last failed authentication" msgstr "" -#: ipaserver/rpcserver.py:547 -msgid "params[0] (aka args) must be a list" +#: ipaserver/plugins/user.py:1151 +msgid "Time now" msgstr "" -#: ipaserver/rpcserver.py:550 -msgid "params[1] (aka options) must be a dict" +#: ipaserver/plugins/user.py:1159 +msgid "" +"\n" +" Lockout status of a user account\n" +"\n" +" An account may become locked if the password is entered incorrectly too\n" +" many times within a specific time period as controlled by password\n" +" policy. A locked account is a temporary condition and may be unlocked " +"by\n" +" an administrator.\n" +"\n" +" This connects to each IPA master and displays the lockout status on\n" +" each one.\n" +"\n" +" To determine whether an account is locked on a given server you need\n" +" to compare the number of failed logins and the time of the last " +"failure.\n" +" For an account to be locked it must exceed the maxfail failures within\n" +" the failinterval duration as specified in the password policy " +"associated\n" +" with the user.\n" +"\n" +" The failed login counter is modified only when a user attempts a log in\n" +" so it is possible that an account may appear locked but the last failed\n" +" login attempt is older than the lockouttime of the password policy. " +"This\n" +" means that the user may attempt a login again. " +msgstr "" + +#: ipaserver/plugins/user.py:1213 +#, python-format +msgid "%(host)s failed: %(error)s" +msgstr "" + +#: ipaserver/plugins/user.py:1251 +#, python-format +msgid "%(host)s failed" +msgstr "" + +#: ipaserver/plugins/user.py:1261 +#, python-format +msgid "Account disabled: %(disabled)s" +msgstr "" + +#: ipaserver/plugins/user.py:1269 +#, python-format +msgid "Added certificates to user \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/user.py:1275 +#, python-format +msgid "Removed certificates from user \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/user.py:1300 +msgid "Add new principal alias to the user entry" +msgstr "" + +#: ipaserver/plugins/user.py:1301 +#, python-format +msgid "Added new aliases to user \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/user.py:1306 +msgid "Remove principal alias from the user entry" +msgstr "" + +#: ipaserver/plugins/user.py:1307 +#, python-format +msgid "Removed aliases from user \"%(value)s\"" msgstr "" #: ipaserver/servroles.py:296 @@ -26909,7 +26800,35 @@ msgstr "" msgid "Non-transitive external trust to an RFC4120-compliant Kerberos realm" msgstr "" -#: ipaserver/dcerpc.py:77 +#: ipaserver/rpcserver.py:533 +msgid "Request must be a dict" +msgstr "" + +#: ipaserver/rpcserver.py:535 +msgid "Request is missing \"method\"" +msgstr "" + +#: ipaserver/rpcserver.py:537 +msgid "Request is missing \"params\"" +msgstr "" + +#: ipaserver/rpcserver.py:542 +msgid "params must be a list" +msgstr "" + +#: ipaserver/rpcserver.py:544 +msgid "params must contain [args, options]" +msgstr "" + +#: ipaserver/rpcserver.py:547 +msgid "params[0] (aka args) must be a list" +msgstr "" + +#: ipaserver/rpcserver.py:550 +msgid "params[1] (aka options) must be a dict" +msgstr "" + +#: ipaserver/dcerpc.py:87 msgid "" "\n" "Classes to manage trust joins using DCE-RPC calls\n" @@ -26918,155 +26837,155 @@ msgid "" "and Samba4 python bindings.\n" msgstr "" -#: ipaserver/dcerpc.py:97 +#: ipaserver/dcerpc.py:107 msgid "CIFS server denied your credentials" msgstr "" -#: ipaserver/dcerpc.py:101 +#: ipaserver/dcerpc.py:111 msgid "communication with CIFS server was unsuccessful" msgstr "" -#: ipaserver/dcerpc.py:107 ipaserver/dcerpc.py:1348 +#: ipaserver/dcerpc.py:117 ipaserver/dcerpc.py:1376 msgid "AD domain controller" msgstr "" -#: ipaserver/dcerpc.py:108 +#: ipaserver/dcerpc.py:118 msgid "unsupported functional level" msgstr "" -#: ipaserver/dcerpc.py:111 +#: ipaserver/dcerpc.py:121 msgid "" "AD domain controller complains about communication sequence. It may mean " "unsynchronized time on both sides, for example" msgstr "" -#: ipaserver/dcerpc.py:119 ipaserver/dcerpc.py:125 ipaserver/dcerpc.py:128 +#: ipaserver/dcerpc.py:129 ipaserver/dcerpc.py:135 ipaserver/dcerpc.py:138 msgid "Cannot find specified domain or server name" msgstr "" -#: ipaserver/dcerpc.py:131 ipaserver/dcerpc.py:137 +#: ipaserver/dcerpc.py:141 ipaserver/dcerpc.py:147 msgid "" "AD DC was unable to reach any IPA domain controller. Most likely it is a DNS " "or firewall issue" msgstr "" -#: ipaserver/dcerpc.py:141 +#: ipaserver/dcerpc.py:151 msgid "At least the domain or IP address should be specified" msgstr "" -#: ipaserver/dcerpc.py:179 +#: ipaserver/dcerpc.py:189 #, python-format msgid "" "CIFS server communication error: code \"%(num)s\", message \"%(message)s" "\" (both may be \"None\")" msgstr "" -#: ipaserver/dcerpc.py:283 +#: ipaserver/dcerpc.py:293 msgid "no trusted domain is configured" msgstr "" -#: ipaserver/dcerpc.py:291 +#: ipaserver/dcerpc.py:301 msgid "domain is not configured" msgstr "" -#: ipaserver/dcerpc.py:298 +#: ipaserver/dcerpc.py:308 msgid "SID is not valid" msgstr "" -#: ipaserver/dcerpc.py:313 +#: ipaserver/dcerpc.py:323 msgid "SID does not match exactlywith any trusted domain's SID" msgstr "" -#: ipaserver/dcerpc.py:324 +#: ipaserver/dcerpc.py:334 msgid "SID does not match any trusted domain" msgstr "" -#: ipaserver/dcerpc.py:366 ipaserver/dcerpc.py:373 ipaserver/dcerpc.py:701 +#: ipaserver/dcerpc.py:376 ipaserver/dcerpc.py:383 ipaserver/dcerpc.py:711 msgid "Trust setup" msgstr "" -#: ipaserver/dcerpc.py:367 +#: ipaserver/dcerpc.py:377 msgid "Our domain is not configured" msgstr "" -#: ipaserver/dcerpc.py:374 +#: ipaserver/dcerpc.py:384 msgid "No trusted domain is not configured" msgstr "" -#: ipaserver/dcerpc.py:380 ipaserver/dcerpc.py:396 ipaserver/dcerpc.py:414 -#: ipaserver/dcerpc.py:420 ipaserver/dcerpc.py:428 ipaserver/dcerpc.py:443 -#: ipaserver/dcerpc.py:451 ipaserver/dcerpc.py:515 ipaserver/dcerpc.py:571 +#: ipaserver/dcerpc.py:390 ipaserver/dcerpc.py:406 ipaserver/dcerpc.py:424 +#: ipaserver/dcerpc.py:430 ipaserver/dcerpc.py:438 ipaserver/dcerpc.py:453 +#: ipaserver/dcerpc.py:461 ipaserver/dcerpc.py:525 ipaserver/dcerpc.py:581 msgid "trusted domain object" msgstr "" -#: ipaserver/dcerpc.py:381 +#: ipaserver/dcerpc.py:391 msgid "domain is not trusted" msgstr "" -#: ipaserver/dcerpc.py:397 +#: ipaserver/dcerpc.py:407 msgid "no trusted domain matched the specified flat name" msgstr "" -#: ipaserver/dcerpc.py:401 +#: ipaserver/dcerpc.py:411 msgid "trusted domain object not found" msgstr "" -#: ipaserver/dcerpc.py:415 +#: ipaserver/dcerpc.py:425 msgid "Object does not belong to a trusted domain" msgstr "" -#: ipaserver/dcerpc.py:421 +#: ipaserver/dcerpc.py:431 msgid "SSSD was unable to resolve the object to a valid SID" msgstr "" -#: ipaserver/dcerpc.py:429 ipaserver/dcerpc.py:572 +#: ipaserver/dcerpc.py:439 ipaserver/dcerpc.py:582 msgid "Ambiguous search, user domain was not specified" msgstr "" -#: ipaserver/dcerpc.py:444 ipaserver/dcerpc.py:516 +#: ipaserver/dcerpc.py:454 ipaserver/dcerpc.py:526 msgid "Trusted domain did not return a unique object" msgstr "" -#: ipaserver/dcerpc.py:452 +#: ipaserver/dcerpc.py:462 msgid "Trusted domain did not return a valid SID for the object" msgstr "" -#: ipaserver/dcerpc.py:556 ipaserver/dcerpc.py:567 +#: ipaserver/dcerpc.py:566 ipaserver/dcerpc.py:577 msgid "trusted domain user not found" msgstr "" -#: ipaserver/dcerpc.py:702 +#: ipaserver/dcerpc.py:712 msgid "Cannot retrieve trusted domain GC list" msgstr "" -#: ipaserver/dcerpc.py:850 +#: ipaserver/dcerpc.py:861 msgid "CIFS credentials object" msgstr "" -#: ipaserver/dcerpc.py:888 +#: ipaserver/dcerpc.py:899 #, python-format msgid "CIFS server %(host)s denied your credentials" msgstr "" -#: ipaserver/dcerpc.py:893 +#: ipaserver/dcerpc.py:904 #, python-format msgid "Cannot establish LSA connection to %(host)s. Is CIFS server running?" msgstr "" -#: ipaserver/dcerpc.py:1309 +#: ipaserver/dcerpc.py:1338 #, python-format msgid "" "the IPA server and the remote domain cannot share the same NetBIOS name: %s" msgstr "" -#: ipaserver/dcerpc.py:1337 +#: ipaserver/dcerpc.py:1365 #, python-brace-format msgid "" "There is already a trust to {ipa_domain} with unsupported type {trust_type}. " "Please remove it manually on AD DC side." msgstr "" -#: ipaserver/dcerpc.py:1465 +#: ipaserver/dcerpc.py:1502 #, python-format msgid "" "IPA master denied trust validation requests from AD DC %(count)d times. Most " @@ -27075,14 +26994,20 @@ msgid "" "SRV records to the correct IPA server." msgstr "" -#: ipaserver/dcerpc.py:1535 +#: ipaserver/dcerpc.py:1567 ipaserver/dcerpc.py:1697 msgid "Credentials" msgstr "" -#: ipaserver/dcerpc.py:1536 +#: ipaserver/dcerpc.py:1568 msgid "Missing credentials for cross-forest communication" msgstr "" +#: ipaserver/dcerpc.py:1698 +msgid "" +"Non-Kerberos user name was specified, please provide user@REALM variant " +"instead" +msgstr "" + #: ipaserver/topology.py:14 #, python-format msgid "" @@ -27105,15 +27030,15 @@ msgstr "" msgid "Topology does not allow server %(server)s to replicate with servers:" msgstr "" -#: ipatests/test_ipalib/test_parameters.py:232 -msgid "Hello world" -msgstr "" - #: ipatests/test_ipalib/test_frontend.py:206 #, python-format msgid "must equal %r" msgstr "" +#: ipatests/test_ipalib/test_parameters.py:232 +msgid "Hello world" +msgstr "" + #: ipatests/test_xmlrpc/test_radiusproxy_plugin.py:63 #: ipatests/test_xmlrpc/test_radiusproxy_plugin.py:71 #, python-format